Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-1160 (GCVE-0-2022-1160)
Vulnerability from cvelistv5 – Published: 2022-03-30 00:00 – Updated: 2024-08-02 23:55
VLAI?
EPSS
Title
heap buffer overflow in get_one_sourceline in vim/vim
Summary
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Severity ?
7.3 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db"
},
{
"name": "FEDORA-2022-d776fcfe60",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"name": "FEDORA-2022-e62adccfca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "8.2.4647",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c"
},
{
"url": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db"
},
{
"name": "FEDORA-2022-d776fcfe60",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"name": "FEDORA-2022-e62adccfca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "GLSA-202208-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "a6f3222d-2472-439d-8881-111138a5694c",
"discovery": "EXTERNAL"
},
"title": "heap buffer overflow in get_one_sourceline in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1160",
"datePublished": "2022-03-30T00:00:00.000Z",
"dateReserved": "2022-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.2.4647\", \"matchCriteriaId\": \"20A4B7FE-5A0C-425E-9A22-D7653221D8DD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer de la pila en get_one_sourceline en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4647\"}]",
"id": "CVE-2022-1160",
"lastModified": "2024-11-21T06:40:09.530",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 5.3}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2022-03-30T19:15:07.767",
"references": "[{\"url\": \"https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db\", \"source\": \"security@huntr.dev\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c\", \"source\": \"security@huntr.dev\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-32\", \"source\": \"security@huntr.dev\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-16\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-32\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-1160\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2022-03-30T19:15:07.767\",\"lastModified\":\"2024-11-21T06:40:09.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer de la pila en get_one_sourceline en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4647\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.5,\"impactScore\":5.3}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.2.4647\",\"matchCriteriaId\":\"20A4B7FE-5A0C-425E-9A22-D7653221D8DD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://security.gentoo.org/glsa/202208-32\",\"source\":\"security@huntr.dev\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-16\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
MSRC_CVE-2022-1160
Vulnerability from csaf_microsoft - Published: 2022-03-02 00:00 - Updated: 2022-04-06 00:00Summary
heap buffer overflow in get_one_sourceline in vim/vim
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-1160 heap buffer overflow in get_one_sourceline in vim/vim - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-1160.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "heap buffer overflow in get_one_sourceline in vim/vim",
"tracking": {
"current_release_date": "2022-04-06T00:00:00.000Z",
"generator": {
"date": "2025-10-19T23:23:33.139Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-1160",
"initial_release_date": "2022-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2022-04-06T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 vim 8.2.4763-1",
"product": {
"name": "\u003ccm1 vim 8.2.4763-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm1 vim 8.2.4763-1",
"product": {
"name": "cm1 vim 8.2.4763-1",
"product_id": "18741"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 vim 8.2.4743-1",
"product": {
"name": "\u003ccbl2 vim 8.2.4743-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 vim 8.2.4743-1",
"product": {
"name": "cbl2 vim 8.2.4743-1",
"product_id": "18758"
}
}
],
"category": "product_name",
"name": "vim"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 vim 8.2.4763-1 as a component of CBL Mariner 1.0",
"product_id": "16820-2"
},
"product_reference": "2",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 vim 8.2.4763-1 as a component of CBL Mariner 1.0",
"product_id": "18741-16820"
},
"product_reference": "18741",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 vim 8.2.4743-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 vim 8.2.4743-1 as a component of CBL Mariner 2.0",
"product_id": "18758-17086"
},
"product_reference": "18758",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1160",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "general",
"text": "@huntrdev",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18741-16820",
"18758-17086"
],
"known_affected": [
"16820-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-1160 heap buffer overflow in get_one_sourceline in vim/vim - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-1160.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-06T00:00:00.000Z",
"details": "8.2.4763-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2022-04-06T00:00:00.000Z",
"details": "8.2.4743-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-2",
"17086-1"
]
}
],
"title": "heap buffer overflow in get_one_sourceline in vim/vim"
}
]
}
CVE-2022-1160
Vulnerability from fstec - Published: 28.03.2022
VLAI Severity ?
Title
Уязвимость функции get_one_sourceline() текстового редактора Vim, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Description
Уязвимость функции get_one_sourceline() текстового редактора Vim связана с записью за границами буфера. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании или выполнить произвольный код, путем открытия специально созданного файла
Severity ?
Vendor
Сообщество свободного программного обеспечения, Fedora Project, АО «ИВК»
Software Name
Debian GNU/Linux, Fedora, Альт 8 СП (запись в едином реестре российских программ №4305), vim
Software Version
10 (Debian GNU/Linux), 34 (Fedora), 11 (Debian GNU/Linux), 35 (Fedora), - (Альт 8 СП), до 8.2.4647 (vim)
Possible Mitigations
Использование рекомендаций:
Для Vim:
https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/
Для Debian:
https://security-tracker.debian.org/tracker/CVE-2022-1160
Для ОС Альт 8 СП:
установка обновления из публичного репозитория программного средства
Reference
https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db
https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/
https://security-tracker.debian.org/tracker/CVE-2022-1160
https://bugzilla.redhat.com/show_bug.cgi?id=2070437
https://nvd.nist.gov/vuln/detail/CVE-2022-1160
https://security.gentoo.org/glsa/202208-32
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-122, CWE-787
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:P/A:P",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 34 (Fedora), 11 (Debian GNU/Linux), 35 (Fedora), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 8.2.4647 (vim)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Vim:\nhttps://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2022-1160\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \n\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.03.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.10.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.06.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-03909",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-1160",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Fedora, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), vim",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 34 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Fedora Project Fedora 35 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 get_one_sourceline() \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 Vim, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 get_one_sourceline() \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 Vim \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db \nhttps://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/\nhttps://security-tracker.debian.org/tracker/CVE-2022-1160\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2070437\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1160\nhttps://security.gentoo.org/glsa/202208-32\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122, CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,7)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}
GSD-2022-1160
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-1160",
"description": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.",
"id": "GSD-2022-1160",
"references": [
"https://www.suse.com/security/cve/CVE-2022-1160.html",
"https://security.archlinux.org/CVE-2022-1160",
"https://alas.aws.amazon.com/cve/html/CVE-2022-1160.html",
"https://advisories.mageia.org/CVE-2022-1160.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-1160"
],
"details": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.",
"id": "GSD-2022-1160",
"modified": "2023-12-13T01:19:27.743764Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1160",
"STATE": "PUBLIC",
"TITLE": "heap buffer overflow in get_one_sourceline in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.4647"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c"
},
{
"name": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db"
},
{
"name": "FEDORA-2022-d776fcfe60",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"name": "FEDORA-2022-e62adccfca",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202305-16"
}
]
},
"source": {
"advisory": "a6f3222d-2472-439d-8881-111138a5694c",
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.4647",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1160"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c"
},
{
"name": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db"
},
{
"name": "FEDORA-2022-d776fcfe60",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"name": "FEDORA-2022-e62adccfca",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"name": "GLSA-202208-32",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"name": "GLSA-202305-16",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202305-16"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-05-03T12:15Z",
"publishedDate": "2022-03-30T19:15Z"
}
}
}
OPENSUSE-SU-2024:12337-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
gvim-9.0.0453-2.1 on GA media
Notes
Title of the patch
gvim-9.0.0453-2.1 on GA media
Description of the patch
These are all security issues fixed in the gvim-9.0.0453-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12337
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gvim-9.0.0453-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gvim-9.0.0453-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12337",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12337-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46059 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0213 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0261 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0318 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0319 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0351 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0359 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0361 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0368 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0392 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0407 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0408 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0413 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0554 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0572 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0629 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0685 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0729 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0943 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1154 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1160 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1420 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1616 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1619 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1620 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1621 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1629 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1674 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1720 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1733 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1735 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1769 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1769/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1771 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1771/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1785 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1796 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1851 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1886 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1897 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1898 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1927 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1942 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1968 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2000 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2042 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2124 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2125 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2126 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2129 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2175 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2182 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2183 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2206 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2207 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2208 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2210 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2231 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2264 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2284 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2286 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2287 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2288 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2289 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2304 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2343 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2344 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2345 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2571 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2580 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2581 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2598 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2817 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2819 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2849 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2862 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2874 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2889 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2923 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2946 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2980 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2982 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3016 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3037 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3153 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3153/"
}
],
"title": "gvim-9.0.0453-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12337-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.0453-2.1.aarch64",
"product": {
"name": "gvim-9.0.0453-2.1.aarch64",
"product_id": "gvim-9.0.0453-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.0.0453-2.1.aarch64",
"product": {
"name": "vim-9.0.0453-2.1.aarch64",
"product_id": "vim-9.0.0453-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.0453-2.1.aarch64",
"product": {
"name": "vim-data-9.0.0453-2.1.aarch64",
"product_id": "vim-data-9.0.0453-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.0453-2.1.aarch64",
"product": {
"name": "vim-data-common-9.0.0453-2.1.aarch64",
"product_id": "vim-data-common-9.0.0453-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.0453-2.1.aarch64",
"product": {
"name": "vim-small-9.0.0453-2.1.aarch64",
"product_id": "vim-small-9.0.0453-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.0453-2.1.ppc64le",
"product": {
"name": "gvim-9.0.0453-2.1.ppc64le",
"product_id": "gvim-9.0.0453-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.0.0453-2.1.ppc64le",
"product": {
"name": "vim-9.0.0453-2.1.ppc64le",
"product_id": "vim-9.0.0453-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.0453-2.1.ppc64le",
"product": {
"name": "vim-data-9.0.0453-2.1.ppc64le",
"product_id": "vim-data-9.0.0453-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.0453-2.1.ppc64le",
"product": {
"name": "vim-data-common-9.0.0453-2.1.ppc64le",
"product_id": "vim-data-common-9.0.0453-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.0453-2.1.ppc64le",
"product": {
"name": "vim-small-9.0.0453-2.1.ppc64le",
"product_id": "vim-small-9.0.0453-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.0453-2.1.s390x",
"product": {
"name": "gvim-9.0.0453-2.1.s390x",
"product_id": "gvim-9.0.0453-2.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.0.0453-2.1.s390x",
"product": {
"name": "vim-9.0.0453-2.1.s390x",
"product_id": "vim-9.0.0453-2.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.0453-2.1.s390x",
"product": {
"name": "vim-data-9.0.0453-2.1.s390x",
"product_id": "vim-data-9.0.0453-2.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.0453-2.1.s390x",
"product": {
"name": "vim-data-common-9.0.0453-2.1.s390x",
"product_id": "vim-data-common-9.0.0453-2.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.0453-2.1.s390x",
"product": {
"name": "vim-small-9.0.0453-2.1.s390x",
"product_id": "vim-small-9.0.0453-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.0453-2.1.x86_64",
"product": {
"name": "gvim-9.0.0453-2.1.x86_64",
"product_id": "gvim-9.0.0453-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.0.0453-2.1.x86_64",
"product": {
"name": "vim-9.0.0453-2.1.x86_64",
"product_id": "vim-9.0.0453-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.0453-2.1.x86_64",
"product": {
"name": "vim-data-9.0.0453-2.1.x86_64",
"product_id": "vim-data-9.0.0453-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.0453-2.1.x86_64",
"product": {
"name": "vim-data-common-9.0.0453-2.1.x86_64",
"product_id": "vim-data-common-9.0.0453-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.0453-2.1.x86_64",
"product": {
"name": "vim-small-9.0.0453-2.1.x86_64",
"product_id": "vim-small-9.0.0453-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.0453-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64"
},
"product_reference": "gvim-9.0.0453-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.0453-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le"
},
"product_reference": "gvim-9.0.0453-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.0453-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x"
},
"product_reference": "gvim-9.0.0453-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.0453-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64"
},
"product_reference": "gvim-9.0.0453-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.0453-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64"
},
"product_reference": "vim-9.0.0453-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.0453-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le"
},
"product_reference": "vim-9.0.0453-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.0453-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x"
},
"product_reference": "vim-9.0.0453-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.0453-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64"
},
"product_reference": "vim-9.0.0453-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.0453-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64"
},
"product_reference": "vim-data-9.0.0453-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.0453-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le"
},
"product_reference": "vim-data-9.0.0453-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.0453-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x"
},
"product_reference": "vim-data-9.0.0453-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.0453-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64"
},
"product_reference": "vim-data-9.0.0453-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.0453-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64"
},
"product_reference": "vim-data-common-9.0.0453-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.0453-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le"
},
"product_reference": "vim-data-common-9.0.0453-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.0453-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x"
},
"product_reference": "vim-data-common-9.0.0453-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.0453-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64"
},
"product_reference": "vim-data-common-9.0.0453-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.0453-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64"
},
"product_reference": "vim-small-9.0.0453-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.0453-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le"
},
"product_reference": "vim-small-9.0.0453-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.0453-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x"
},
"product_reference": "vim-small-9.0.0453-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.0453-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
},
"product_reference": "vim-small-9.0.0453-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-46059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46059"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46059",
"url": "https://www.suse.com/security/cve/CVE-2021-46059"
},
{
"category": "external",
"summary": "SUSE Bug 1194556 for CVE-2021-46059",
"url": "https://bugzilla.suse.com/1194556"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-46059"
},
{
"cve": "CVE-2022-0213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0213"
}
],
"notes": [
{
"category": "general",
"text": "vim is vulnerable to Heap-based Buffer Overflow",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0213",
"url": "https://www.suse.com/security/cve/CVE-2022-0213"
},
{
"category": "external",
"summary": "SUSE Bug 1194885 for CVE-2022-0213",
"url": "https://bugzilla.suse.com/1194885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0213"
},
{
"cve": "CVE-2022-0261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0261"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0261",
"url": "https://www.suse.com/security/cve/CVE-2022-0261"
},
{
"category": "external",
"summary": "SUSE Bug 1194872 for CVE-2022-0261",
"url": "https://bugzilla.suse.com/1194872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0261"
},
{
"cve": "CVE-2022-0318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0318"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0318",
"url": "https://www.suse.com/security/cve/CVE-2022-0318"
},
{
"category": "external",
"summary": "SUSE Bug 1195004 for CVE-2022-0318",
"url": "https://bugzilla.suse.com/1195004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0318"
},
{
"cve": "CVE-2022-0319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0319"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0319",
"url": "https://www.suse.com/security/cve/CVE-2022-0319"
},
{
"category": "external",
"summary": "SUSE Bug 1195066 for CVE-2022-0319",
"url": "https://bugzilla.suse.com/1195066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-0319"
},
{
"cve": "CVE-2022-0351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0351"
}
],
"notes": [
{
"category": "general",
"text": "Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0351",
"url": "https://www.suse.com/security/cve/CVE-2022-0351"
},
{
"category": "external",
"summary": "SUSE Bug 1195126 for CVE-2022-0351",
"url": "https://bugzilla.suse.com/1195126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-0351"
},
{
"cve": "CVE-2022-0359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0359"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0359",
"url": "https://www.suse.com/security/cve/CVE-2022-0359"
},
{
"category": "external",
"summary": "SUSE Bug 1195203 for CVE-2022-0359",
"url": "https://bugzilla.suse.com/1195203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0359"
},
{
"cve": "CVE-2022-0361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0361"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0361",
"url": "https://www.suse.com/security/cve/CVE-2022-0361"
},
{
"category": "external",
"summary": "SUSE Bug 1195202 for CVE-2022-0361",
"url": "https://bugzilla.suse.com/1195202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0361"
},
{
"cve": "CVE-2022-0368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0368"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0368",
"url": "https://www.suse.com/security/cve/CVE-2022-0368"
},
{
"category": "external",
"summary": "SUSE Bug 1195205 for CVE-2022-0368",
"url": "https://bugzilla.suse.com/1195205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0368"
},
{
"cve": "CVE-2022-0392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0392"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0392",
"url": "https://www.suse.com/security/cve/CVE-2022-0392"
},
{
"category": "external",
"summary": "SUSE Bug 1195332 for CVE-2022-0392",
"url": "https://bugzilla.suse.com/1195332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0392"
},
{
"cve": "CVE-2022-0407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0407"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0407",
"url": "https://www.suse.com/security/cve/CVE-2022-0407"
},
{
"category": "external",
"summary": "SUSE Bug 1195354 for CVE-2022-0407",
"url": "https://bugzilla.suse.com/1195354"
},
{
"category": "external",
"summary": "SUSE Bug 1208308 for CVE-2022-0407",
"url": "https://bugzilla.suse.com/1208308"
},
{
"category": "external",
"summary": "SUSE Bug 1208649 for CVE-2022-0407",
"url": "https://bugzilla.suse.com/1208649"
},
{
"category": "external",
"summary": "SUSE Bug 1208651 for CVE-2022-0407",
"url": "https://bugzilla.suse.com/1208651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-0407"
},
{
"cve": "CVE-2022-0408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0408"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0408",
"url": "https://www.suse.com/security/cve/CVE-2022-0408"
},
{
"category": "external",
"summary": "SUSE Bug 1195459 for CVE-2022-0408",
"url": "https://bugzilla.suse.com/1195459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0408"
},
{
"cve": "CVE-2022-0413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0413"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0413",
"url": "https://www.suse.com/security/cve/CVE-2022-0413"
},
{
"category": "external",
"summary": "SUSE Bug 1195356 for CVE-2022-0413",
"url": "https://bugzilla.suse.com/1195356"
},
{
"category": "external",
"summary": "SUSE Bug 1208308 for CVE-2022-0413",
"url": "https://bugzilla.suse.com/1208308"
},
{
"category": "external",
"summary": "SUSE Bug 1208651 for CVE-2022-0413",
"url": "https://bugzilla.suse.com/1208651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-0413"
},
{
"cve": "CVE-2022-0554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0554"
}
],
"notes": [
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0554",
"url": "https://www.suse.com/security/cve/CVE-2022-0554"
},
{
"category": "external",
"summary": "SUSE Bug 1195846 for CVE-2022-0554",
"url": "https://bugzilla.suse.com/1195846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0554"
},
{
"cve": "CVE-2022-0572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0572"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0572",
"url": "https://www.suse.com/security/cve/CVE-2022-0572"
},
{
"category": "external",
"summary": "SUSE Bug 1196023 for CVE-2022-0572",
"url": "https://bugzilla.suse.com/1196023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0572"
},
{
"cve": "CVE-2022-0629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0629"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0629",
"url": "https://www.suse.com/security/cve/CVE-2022-0629"
},
{
"category": "external",
"summary": "SUSE Bug 1196226 for CVE-2022-0629",
"url": "https://bugzilla.suse.com/1196226"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0629"
},
{
"cve": "CVE-2022-0685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0685"
}
],
"notes": [
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0685",
"url": "https://www.suse.com/security/cve/CVE-2022-0685"
},
{
"category": "external",
"summary": "SUSE Bug 1196227 for CVE-2022-0685",
"url": "https://bugzilla.suse.com/1196227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-0685"
},
{
"cve": "CVE-2022-0729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0729"
}
],
"notes": [
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0729",
"url": "https://www.suse.com/security/cve/CVE-2022-0729"
},
{
"category": "external",
"summary": "SUSE Bug 1196437 for CVE-2022-0729",
"url": "https://bugzilla.suse.com/1196437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-0729"
},
{
"cve": "CVE-2022-0943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0943"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0943",
"url": "https://www.suse.com/security/cve/CVE-2022-0943"
},
{
"category": "external",
"summary": "SUSE Bug 1197225 for CVE-2022-0943",
"url": "https://bugzilla.suse.com/1197225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-0943"
},
{
"cve": "CVE-2022-1154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1154"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1154",
"url": "https://www.suse.com/security/cve/CVE-2022-1154"
},
{
"category": "external",
"summary": "SUSE Bug 1197813 for CVE-2022-1154",
"url": "https://bugzilla.suse.com/1197813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1154"
},
{
"cve": "CVE-2022-1160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1160"
}
],
"notes": [
{
"category": "general",
"text": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1160",
"url": "https://www.suse.com/security/cve/CVE-2022-1160"
},
{
"category": "external",
"summary": "SUSE Bug 1197814 for CVE-2022-1160",
"url": "https://bugzilla.suse.com/1197814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1160"
},
{
"cve": "CVE-2022-1420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1420"
}
],
"notes": [
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1420",
"url": "https://www.suse.com/security/cve/CVE-2022-1420"
},
{
"category": "external",
"summary": "SUSE Bug 1198748 for CVE-2022-1420",
"url": "https://bugzilla.suse.com/1198748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1420"
},
{
"cve": "CVE-2022-1616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1616"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1616",
"url": "https://www.suse.com/security/cve/CVE-2022-1616"
},
{
"category": "external",
"summary": "SUSE Bug 1199331 for CVE-2022-1616",
"url": "https://bugzilla.suse.com/1199331"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1616"
},
{
"cve": "CVE-2022-1619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1619"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1619",
"url": "https://www.suse.com/security/cve/CVE-2022-1619"
},
{
"category": "external",
"summary": "SUSE Bug 1199333 for CVE-2022-1619",
"url": "https://bugzilla.suse.com/1199333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1619"
},
{
"cve": "CVE-2022-1620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1620"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1620",
"url": "https://www.suse.com/security/cve/CVE-2022-1620"
},
{
"category": "external",
"summary": "SUSE Bug 1199334 for CVE-2022-1620",
"url": "https://bugzilla.suse.com/1199334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1620"
},
{
"cve": "CVE-2022-1621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1621"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1621",
"url": "https://www.suse.com/security/cve/CVE-2022-1621"
},
{
"category": "external",
"summary": "SUSE Bug 1199435 for CVE-2022-1621",
"url": "https://bugzilla.suse.com/1199435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1621"
},
{
"cve": "CVE-2022-1629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1629"
}
],
"notes": [
{
"category": "general",
"text": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1629",
"url": "https://www.suse.com/security/cve/CVE-2022-1629"
},
{
"category": "external",
"summary": "SUSE Bug 1199436 for CVE-2022-1629",
"url": "https://bugzilla.suse.com/1199436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1629"
},
{
"cve": "CVE-2022-1674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1674"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1674",
"url": "https://www.suse.com/security/cve/CVE-2022-1674"
},
{
"category": "external",
"summary": "SUSE Bug 1199502 for CVE-2022-1674",
"url": "https://bugzilla.suse.com/1199502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1674"
},
{
"cve": "CVE-2022-1720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1720"
}
],
"notes": [
{
"category": "general",
"text": "Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1720",
"url": "https://www.suse.com/security/cve/CVE-2022-1720"
},
{
"category": "external",
"summary": "SUSE Bug 1200732 for CVE-2022-1720",
"url": "https://bugzilla.suse.com/1200732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1720"
},
{
"cve": "CVE-2022-1733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1733"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1733",
"url": "https://www.suse.com/security/cve/CVE-2022-1733"
},
{
"category": "external",
"summary": "SUSE Bug 1199655 for CVE-2022-1733",
"url": "https://bugzilla.suse.com/1199655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1733"
},
{
"cve": "CVE-2022-1735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1735"
}
],
"notes": [
{
"category": "general",
"text": "Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1735",
"url": "https://www.suse.com/security/cve/CVE-2022-1735"
},
{
"category": "external",
"summary": "SUSE Bug 1199651 for CVE-2022-1735",
"url": "https://bugzilla.suse.com/1199651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1735"
},
{
"cve": "CVE-2022-1769",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1769"
}
],
"notes": [
{
"category": "general",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1769",
"url": "https://www.suse.com/security/cve/CVE-2022-1769"
},
{
"category": "external",
"summary": "SUSE Bug 1199658 for CVE-2022-1769",
"url": "https://bugzilla.suse.com/1199658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1769"
},
{
"cve": "CVE-2022-1771",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1771"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1771",
"url": "https://www.suse.com/security/cve/CVE-2022-1771"
},
{
"category": "external",
"summary": "SUSE Bug 1199693 for CVE-2022-1771",
"url": "https://bugzilla.suse.com/1199693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1771"
},
{
"cve": "CVE-2022-1785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1785"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1785",
"url": "https://www.suse.com/security/cve/CVE-2022-1785"
},
{
"category": "external",
"summary": "SUSE Bug 1199745 for CVE-2022-1785",
"url": "https://bugzilla.suse.com/1199745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1785"
},
{
"cve": "CVE-2022-1796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1796"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.4979.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1796",
"url": "https://www.suse.com/security/cve/CVE-2022-1796"
},
{
"category": "external",
"summary": "SUSE Bug 1199747 for CVE-2022-1796",
"url": "https://bugzilla.suse.com/1199747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1796"
},
{
"cve": "CVE-2022-1851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1851"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1851",
"url": "https://www.suse.com/security/cve/CVE-2022-1851"
},
{
"category": "external",
"summary": "SUSE Bug 1199936 for CVE-2022-1851",
"url": "https://bugzilla.suse.com/1199936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1851"
},
{
"cve": "CVE-2022-1886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1886"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1886",
"url": "https://www.suse.com/security/cve/CVE-2022-1886"
},
{
"category": "external",
"summary": "SUSE Bug 1199969 for CVE-2022-1886",
"url": "https://bugzilla.suse.com/1199969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1886"
},
{
"cve": "CVE-2022-1897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1897"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1897",
"url": "https://www.suse.com/security/cve/CVE-2022-1897"
},
{
"category": "external",
"summary": "SUSE Bug 1200010 for CVE-2022-1897",
"url": "https://bugzilla.suse.com/1200010"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1897"
},
{
"cve": "CVE-2022-1898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1898"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1898",
"url": "https://www.suse.com/security/cve/CVE-2022-1898"
},
{
"category": "external",
"summary": "SUSE Bug 1200011 for CVE-2022-1898",
"url": "https://bugzilla.suse.com/1200011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1898"
},
{
"cve": "CVE-2022-1927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1927"
}
],
"notes": [
{
"category": "general",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1927",
"url": "https://www.suse.com/security/cve/CVE-2022-1927"
},
{
"category": "external",
"summary": "SUSE Bug 1200012 for CVE-2022-1927",
"url": "https://bugzilla.suse.com/1200012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1927"
},
{
"cve": "CVE-2022-1942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1942"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1942",
"url": "https://www.suse.com/security/cve/CVE-2022-1942"
},
{
"category": "external",
"summary": "SUSE Bug 1200125 for CVE-2022-1942",
"url": "https://bugzilla.suse.com/1200125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1942"
},
{
"cve": "CVE-2022-1968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1968"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1968",
"url": "https://www.suse.com/security/cve/CVE-2022-1968"
},
{
"category": "external",
"summary": "SUSE Bug 1200270 for CVE-2022-1968",
"url": "https://bugzilla.suse.com/1200270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1968"
},
{
"cve": "CVE-2022-2000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2000"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2000",
"url": "https://www.suse.com/security/cve/CVE-2022-2000"
},
{
"category": "external",
"summary": "SUSE Bug 1200405 for CVE-2022-2000",
"url": "https://bugzilla.suse.com/1200405"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-2000"
},
{
"cve": "CVE-2022-2042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2042"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2042",
"url": "https://www.suse.com/security/cve/CVE-2022-2042"
},
{
"category": "external",
"summary": "SUSE Bug 1200471 for CVE-2022-2042",
"url": "https://bugzilla.suse.com/1200471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-2042"
},
{
"cve": "CVE-2022-2124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2124"
}
],
"notes": [
{
"category": "general",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2124",
"url": "https://www.suse.com/security/cve/CVE-2022-2124"
},
{
"category": "external",
"summary": "SUSE Bug 1200697 for CVE-2022-2124",
"url": "https://bugzilla.suse.com/1200697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2124"
},
{
"cve": "CVE-2022-2125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2125"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2125",
"url": "https://www.suse.com/security/cve/CVE-2022-2125"
},
{
"category": "external",
"summary": "SUSE Bug 1200698 for CVE-2022-2125",
"url": "https://bugzilla.suse.com/1200698"
},
{
"category": "external",
"summary": "SUSE Bug 1205395 for CVE-2022-2125",
"url": "https://bugzilla.suse.com/1205395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2125"
},
{
"cve": "CVE-2022-2126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2126"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2126",
"url": "https://www.suse.com/security/cve/CVE-2022-2126"
},
{
"category": "external",
"summary": "SUSE Bug 1200700 for CVE-2022-2126",
"url": "https://bugzilla.suse.com/1200700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2126"
},
{
"cve": "CVE-2022-2129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2129"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2129",
"url": "https://www.suse.com/security/cve/CVE-2022-2129"
},
{
"category": "external",
"summary": "SUSE Bug 1200701 for CVE-2022-2129",
"url": "https://bugzilla.suse.com/1200701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2129"
},
{
"cve": "CVE-2022-2175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2175"
}
],
"notes": [
{
"category": "general",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2175",
"url": "https://www.suse.com/security/cve/CVE-2022-2175"
},
{
"category": "external",
"summary": "SUSE Bug 1200904 for CVE-2022-2175",
"url": "https://bugzilla.suse.com/1200904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2175"
},
{
"cve": "CVE-2022-2182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2182"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2182",
"url": "https://www.suse.com/security/cve/CVE-2022-2182"
},
{
"category": "external",
"summary": "SUSE Bug 1200903 for CVE-2022-2182",
"url": "https://bugzilla.suse.com/1200903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2182"
},
{
"cve": "CVE-2022-2183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2183"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2183",
"url": "https://www.suse.com/security/cve/CVE-2022-2183"
},
{
"category": "external",
"summary": "SUSE Bug 1200902 for CVE-2022-2183",
"url": "https://bugzilla.suse.com/1200902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2183"
},
{
"cve": "CVE-2022-2206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2206"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2206",
"url": "https://www.suse.com/security/cve/CVE-2022-2206"
},
{
"category": "external",
"summary": "SUSE Bug 1201155 for CVE-2022-2206",
"url": "https://bugzilla.suse.com/1201155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2206"
},
{
"cve": "CVE-2022-2207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2207"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2207",
"url": "https://www.suse.com/security/cve/CVE-2022-2207"
},
{
"category": "external",
"summary": "SUSE Bug 1201153 for CVE-2022-2207",
"url": "https://bugzilla.suse.com/1201153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2207"
},
{
"cve": "CVE-2022-2208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2208"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2208",
"url": "https://www.suse.com/security/cve/CVE-2022-2208"
},
{
"category": "external",
"summary": "SUSE Bug 1201152 for CVE-2022-2208",
"url": "https://bugzilla.suse.com/1201152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2208"
},
{
"cve": "CVE-2022-2210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2210"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2210",
"url": "https://www.suse.com/security/cve/CVE-2022-2210"
},
{
"category": "external",
"summary": "SUSE Bug 1201151 for CVE-2022-2210",
"url": "https://bugzilla.suse.com/1201151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2210"
},
{
"cve": "CVE-2022-2231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2231"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2231",
"url": "https://www.suse.com/security/cve/CVE-2022-2231"
},
{
"category": "external",
"summary": "SUSE Bug 1201150 for CVE-2022-2231",
"url": "https://bugzilla.suse.com/1201150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2231"
},
{
"cve": "CVE-2022-2264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2264"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2264",
"url": "https://www.suse.com/security/cve/CVE-2022-2264"
},
{
"category": "external",
"summary": "SUSE Bug 1201132 for CVE-2022-2264",
"url": "https://bugzilla.suse.com/1201132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2264"
},
{
"cve": "CVE-2022-2284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2284"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2284",
"url": "https://www.suse.com/security/cve/CVE-2022-2284"
},
{
"category": "external",
"summary": "SUSE Bug 1201133 for CVE-2022-2284",
"url": "https://bugzilla.suse.com/1201133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2284"
},
{
"cve": "CVE-2022-2286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2286"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2286",
"url": "https://www.suse.com/security/cve/CVE-2022-2286"
},
{
"category": "external",
"summary": "SUSE Bug 1201135 for CVE-2022-2286",
"url": "https://bugzilla.suse.com/1201135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2286"
},
{
"cve": "CVE-2022-2287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2287"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2287",
"url": "https://www.suse.com/security/cve/CVE-2022-2287"
},
{
"category": "external",
"summary": "SUSE Bug 1201136 for CVE-2022-2287",
"url": "https://bugzilla.suse.com/1201136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2287"
},
{
"cve": "CVE-2022-2288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2288"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2288",
"url": "https://www.suse.com/security/cve/CVE-2022-2288"
},
{
"category": "external",
"summary": "SUSE Bug 1201137 for CVE-2022-2288",
"url": "https://bugzilla.suse.com/1201137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2288"
},
{
"cve": "CVE-2022-2289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2289"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2289",
"url": "https://www.suse.com/security/cve/CVE-2022-2289"
},
{
"category": "external",
"summary": "SUSE Bug 1201139 for CVE-2022-2289",
"url": "https://bugzilla.suse.com/1201139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2289"
},
{
"cve": "CVE-2022-2304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2304"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2304",
"url": "https://www.suse.com/security/cve/CVE-2022-2304"
},
{
"category": "external",
"summary": "SUSE Bug 1201249 for CVE-2022-2304",
"url": "https://bugzilla.suse.com/1201249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2304"
},
{
"cve": "CVE-2022-2343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2343"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2343",
"url": "https://www.suse.com/security/cve/CVE-2022-2343"
},
{
"category": "external",
"summary": "SUSE Bug 1201356 for CVE-2022-2343",
"url": "https://bugzilla.suse.com/1201356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2343"
},
{
"cve": "CVE-2022-2344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2344"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2344",
"url": "https://www.suse.com/security/cve/CVE-2022-2344"
},
{
"category": "external",
"summary": "SUSE Bug 1201359 for CVE-2022-2344",
"url": "https://bugzilla.suse.com/1201359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2344"
},
{
"cve": "CVE-2022-2345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2345"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0046.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2345",
"url": "https://www.suse.com/security/cve/CVE-2022-2345"
},
{
"category": "external",
"summary": "SUSE Bug 1201363 for CVE-2022-2345",
"url": "https://bugzilla.suse.com/1201363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2345"
},
{
"cve": "CVE-2022-2571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2571"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2571",
"url": "https://www.suse.com/security/cve/CVE-2022-2571"
},
{
"category": "external",
"summary": "SUSE Bug 1202046 for CVE-2022-2571",
"url": "https://bugzilla.suse.com/1202046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2571"
},
{
"cve": "CVE-2022-2580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2580"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2580",
"url": "https://www.suse.com/security/cve/CVE-2022-2580"
},
{
"category": "external",
"summary": "SUSE Bug 1202049 for CVE-2022-2580",
"url": "https://bugzilla.suse.com/1202049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2580"
},
{
"cve": "CVE-2022-2581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2581"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2581",
"url": "https://www.suse.com/security/cve/CVE-2022-2581"
},
{
"category": "external",
"summary": "SUSE Bug 1202050 for CVE-2022-2581",
"url": "https://bugzilla.suse.com/1202050"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2581"
},
{
"cve": "CVE-2022-2598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2598"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2598",
"url": "https://www.suse.com/security/cve/CVE-2022-2598"
},
{
"category": "external",
"summary": "SUSE Bug 1202051 for CVE-2022-2598",
"url": "https://bugzilla.suse.com/1202051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2598"
},
{
"cve": "CVE-2022-2816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2816"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2816",
"url": "https://www.suse.com/security/cve/CVE-2022-2816"
},
{
"category": "external",
"summary": "SUSE Bug 1202421 for CVE-2022-2816",
"url": "https://bugzilla.suse.com/1202421"
},
{
"category": "external",
"summary": "SUSE Bug 1203576 for CVE-2022-2816",
"url": "https://bugzilla.suse.com/1203576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2816"
},
{
"cve": "CVE-2022-2817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2817"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0213.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2817",
"url": "https://www.suse.com/security/cve/CVE-2022-2817"
},
{
"category": "external",
"summary": "SUSE Bug 1202420 for CVE-2022-2817",
"url": "https://bugzilla.suse.com/1202420"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2817"
},
{
"cve": "CVE-2022-2819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2819"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2819",
"url": "https://www.suse.com/security/cve/CVE-2022-2819"
},
{
"category": "external",
"summary": "SUSE Bug 1202414 for CVE-2022-2819",
"url": "https://bugzilla.suse.com/1202414"
},
{
"category": "external",
"summary": "SUSE Bug 1203576 for CVE-2022-2819",
"url": "https://bugzilla.suse.com/1203576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2819"
},
{
"cve": "CVE-2022-2849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2849"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2849",
"url": "https://www.suse.com/security/cve/CVE-2022-2849"
},
{
"category": "external",
"summary": "SUSE Bug 1202512 for CVE-2022-2849",
"url": "https://bugzilla.suse.com/1202512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2849"
},
{
"cve": "CVE-2022-2862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2862"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2862",
"url": "https://www.suse.com/security/cve/CVE-2022-2862"
},
{
"category": "external",
"summary": "SUSE Bug 1202511 for CVE-2022-2862",
"url": "https://bugzilla.suse.com/1202511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2862"
},
{
"cve": "CVE-2022-2874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2874"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2874",
"url": "https://www.suse.com/security/cve/CVE-2022-2874"
},
{
"category": "external",
"summary": "SUSE Bug 1202552 for CVE-2022-2874",
"url": "https://bugzilla.suse.com/1202552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2874"
},
{
"cve": "CVE-2022-2889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2889"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0225.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2889",
"url": "https://www.suse.com/security/cve/CVE-2022-2889"
},
{
"category": "external",
"summary": "SUSE Bug 1202599 for CVE-2022-2889",
"url": "https://bugzilla.suse.com/1202599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2889"
},
{
"cve": "CVE-2022-2923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2923"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2923",
"url": "https://www.suse.com/security/cve/CVE-2022-2923"
},
{
"category": "external",
"summary": "SUSE Bug 1202687 for CVE-2022-2923",
"url": "https://bugzilla.suse.com/1202687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2923"
},
{
"cve": "CVE-2022-2946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2946"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0246.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2946",
"url": "https://www.suse.com/security/cve/CVE-2022-2946"
},
{
"category": "external",
"summary": "SUSE Bug 1202689 for CVE-2022-2946",
"url": "https://bugzilla.suse.com/1202689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2946"
},
{
"cve": "CVE-2022-2980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2980"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2980",
"url": "https://www.suse.com/security/cve/CVE-2022-2980"
},
{
"category": "external",
"summary": "SUSE Bug 1203155 for CVE-2022-2980",
"url": "https://bugzilla.suse.com/1203155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2980"
},
{
"cve": "CVE-2022-2982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2982"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0260.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2982",
"url": "https://www.suse.com/security/cve/CVE-2022-2982"
},
{
"category": "external",
"summary": "SUSE Bug 1203152 for CVE-2022-2982",
"url": "https://bugzilla.suse.com/1203152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2982"
},
{
"cve": "CVE-2022-3016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3016"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0286.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3016",
"url": "https://www.suse.com/security/cve/CVE-2022-3016"
},
{
"category": "external",
"summary": "SUSE Bug 1202862 for CVE-2022-3016",
"url": "https://bugzilla.suse.com/1202862"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-3016"
},
{
"cve": "CVE-2022-3037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3037"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0322.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3037",
"url": "https://www.suse.com/security/cve/CVE-2022-3037"
},
{
"category": "external",
"summary": "SUSE Bug 1202962 for CVE-2022-3037",
"url": "https://bugzilla.suse.com/1202962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-3037"
},
{
"cve": "CVE-2022-3153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3153"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3153",
"url": "https://www.suse.com/security/cve/CVE-2022-3153"
},
{
"category": "external",
"summary": "SUSE Bug 1203272 for CVE-2022-3153",
"url": "https://bugzilla.suse.com/1203272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.0453-2.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.0453-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-3153"
}
]
}
FKIE_CVE-2022-1160
Vulnerability from fkie_nvd - Published: 2022-03-30 19:15 - Updated: 2024-11-21 06:40
Severity ?
Summary
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vim | vim | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20A4B7FE-5A0C-425E-9A22-D7653221D8DD",
"versionEndExcluding": "8.2.4647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer de la pila en get_one_sourceline en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4647"
}
],
"id": "CVE-2022-1160",
"lastModified": "2024-11-21T06:40:09.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 5.3,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-30T19:15:07.767",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c"
},
{
"source": "security@huntr.dev",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"source": "security@huntr.dev",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"source": "security@huntr.dev",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"source": "security@huntr.dev",
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2022-1160
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-11-10 07:00 - Updated: 2025-05-22 13:03Summary
PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware
Notes
Summary
UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022) Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements. PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.
Impact
Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Remediation
Update to the latest LTS Firmware Release.
Update to the latest LTS PLCnext Engineer Release.
Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022) Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements. PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the latest LTS Firmware Release.\nUpdate to the latest LTS PLCnext Engineer Release.\n\nPlease check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PHOENIX CONTACT PSIRT ",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2022-046: PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-046/"
},
{
"category": "self",
"summary": "VDE-2022-046: PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-046.json"
}
],
"title": "PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware",
"tracking": {
"aliases": [
"VDE-2022-046"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-04-01T06:22:01.779Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.22"
}
},
"id": "VDE-2022-046",
"initial_release_date": "2022-11-10T07:00:00.000Z",
"revision_history": [
{
"date": "2022-10-11T06:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2022-11-24T07:51:00.000Z",
"number": "2",
"summary": "Update A"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "3",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "BPC 9102S",
"product": {
"name": "BPC 9102S",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
}
},
{
"category": "product_name",
"name": "ENERGY AXC PU",
"product": {
"name": "ENERGY AXC PU",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1264327"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1502",
"product": {
"name": "EPC 1502",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"1185416"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1522",
"product": {
"name": "EPC 1522",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"1185423"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
},
{
"category": "product_name",
"name": "SMARTRTU AXC SG",
"product": {
"name": "SMARTRTU AXC SG",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"1110435"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2022.0.8 LTS",
"product": {
"name": "Firmware \u003c2022.0.8 LTS",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003cV04.14.00.00",
"product": {
"name": "Firmware \u003cV04.14.00.00",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c2022.0.7 LTS",
"product": {
"name": "Firmware \u003c2022.0.7 LTS",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003cV01.09.00.00",
"product": {
"name": "Firmware \u003cV01.09.00.00",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "2022.0.8 LTS",
"product": {
"name": "Firmware 2022.0.8 LTS",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "V04.14.00.00",
"product": {
"name": "Firmware V04.14.00.00",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "2022.0.7 LTS",
"product": {
"name": "Firmware 2022.0.7 LTS",
"product_id": "CSAFPID-22003"
}
},
{
"category": "product_version",
"name": "V01.09.00.00",
"product": {
"name": "Firmware V01.09.00.00",
"product_id": "CSAFPID-22004"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"summary": "Fixed Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on AXC F 1152",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on AXC F 1152",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on AXC F 2152",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on AXC F 2152",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on AXC F 3152",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on AXC F 3152",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on BPC 9102S",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on BPC 9102S",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV04.14.00.00 installed on ENERGY AXC PU",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V04.14.00.00 installed on ENERGY AXC PU",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.7 LTS installed on EPC 1502",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.7 LTS installed on EPC 1502",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.7 LTS installed on EPC 1522",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.7 LTS installed on EPC 1522",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on RFC 4072S",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on RFC 4072S",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV01.09.00.00 installed on SMARTRTU AXC SG",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V01.09.00.00 installed on SMARTRTU AXC SG",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11009"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-29824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-29824"
},
{
"cve": "CVE-2022-23308",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-23308"
},
{
"cve": "CVE-2022-28391",
"notes": [
{
"category": "description",
"text": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record\u0027s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal\u0027s colors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-28391"
},
{
"cve": "CVE-2022-0547",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "description",
"text": "OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0547"
},
{
"cve": "CVE-2022-1381",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1381"
},
{
"cve": "CVE-2022-1420",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1420"
},
{
"cve": "CVE-2022-1733",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1733"
},
{
"cve": "CVE-2022-1796",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.4979.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1796"
},
{
"cve": "CVE-2022-1621",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1621"
},
{
"cve": "CVE-2022-1616",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1616"
},
{
"cve": "CVE-2022-25313",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25313"
},
{
"cve": "CVE-2021-45117",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-45117"
},
{
"cve": "CVE-2022-1619",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1619"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "description",
"text": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25235"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2022-1629",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1629"
},
{
"cve": "CVE-2022-1735",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "description",
"text": "Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1735"
},
{
"cve": "CVE-2022-1769",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1769"
},
{
"cve": "CVE-2022-1785",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1785"
},
{
"cve": "CVE-2022-1620",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1620"
},
{
"cve": "CVE-2022-1674",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1674"
},
{
"cve": "CVE-2022-1771",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1771"
},
{
"cve": "CVE-2022-1886",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1886"
},
{
"cve": "CVE-2022-1851",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1851"
},
{
"cve": "CVE-2022-1898",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1898"
},
{
"cve": "CVE-2022-1720",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1720"
},
{
"cve": "CVE-2018-25032",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2018-25032"
},
{
"cve": "CVE-2022-22576",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "description",
"text": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-27778",
"cwe": {
"id": "CWE-706",
"name": "Use of Incorrectly-Resolved Name or Reference"
},
"notes": [
{
"category": "description",
"text": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when \u0027--no-clobber\u0027 is used together with \u0027--remove-on-error\u0027.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-27779",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "description",
"text": "libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl\u0027s \"cookie engine\" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27779"
},
{
"cve": "CVE-2022-27782",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "description",
"text": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-27774",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "description",
"text": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.7,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-25314",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25314"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25315"
},
{
"cve": "CVE-2022-27776",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "description",
"text": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-30115",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-27780",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "description",
"text": "The curl URL parser wrongly accepts percent-encoded URL separators like \u0027/\u0027when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like \u0027http://example.com%2F127.0.0.1/\u0027, would be allowed bythe parser and get transposed into \u0027http://example.com/127.0.0.1/\u0027. This flawcan be used to circumvent filters, checks and more.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27781",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "libcurl provides the \u0027CURLOPT_CERTINFO\u0027 option to allow applications torequest details to be returned about a server\u0027s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27775",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-32207",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32206",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32208",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32205",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "A malicious server can serve excessive amounts of \u0027Set-Cookie:\u0027 headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on \u0027foo.example.com\u0027 can set cookies that also would match for \u0027bar.example.com\u0027, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2019-19906",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2019-19906"
},
{
"cve": "CVE-2022-24407",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-24407"
},
{
"cve": "CVE-2022-1154",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1154"
},
{
"cve": "CVE-2022-0943",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0943"
},
{
"cve": "CVE-2022-1160",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1160"
},
{
"cve": "CVE-2022-0729",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0729"
},
{
"cve": "CVE-2022-0572",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0572"
},
{
"cve": "CVE-2022-0696",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0696"
},
{
"cve": "CVE-2022-0685",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0685"
},
{
"cve": "CVE-2022-0714",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0714"
},
{
"cve": "CVE-2022-0361",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0361"
},
{
"cve": "CVE-2022-0368",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0368"
},
{
"cve": "CVE-2021-3973",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "vim is vulnerable to Heap-based Buffer Overflow",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-3973"
},
{
"cve": "CVE-2021-3796",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "vim is vulnerable to Use After Free",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-3796"
},
{
"cve": "CVE-2021-4166",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "vim is vulnerable to Out-of-bounds Read",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-4166"
},
{
"cve": "CVE-2022-1927",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1927"
},
{
"cve": "CVE-2022-1942",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1942"
},
{
"cve": "CVE-2022-2129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2129"
},
{
"cve": "CVE-2022-2175",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2175"
},
{
"cve": "CVE-2022-2182",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2182"
},
{
"cve": "CVE-2022-0778",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2022-2183",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2183"
},
{
"cve": "CVE-2022-2343",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2343"
},
{
"cve": "CVE-2022-2207",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2207"
},
{
"cve": "CVE-2022-2210",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2210"
},
{
"cve": "CVE-2022-2344",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2344"
},
{
"cve": "CVE-2022-2345",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0046.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2345"
},
{
"cve": "CVE-2022-2208",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2208"
},
{
"cve": "CVE-2022-2231",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2231"
},
{
"cve": "CVE-2022-2287",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2287"
},
{
"cve": "CVE-2022-2285",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2285"
},
{
"cve": "CVE-2022-2284",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2284"
},
{
"cve": "CVE-2022-2286",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2286"
},
{
"cve": "CVE-2022-2289",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2289"
},
{
"cve": "CVE-2022-2288",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2288"
},
{
"cve": "CVE-2022-2264",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2264"
},
{
"cve": "CVE-2022-2206",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2206"
},
{
"cve": "CVE-2022-2257",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2257"
},
{
"cve": "CVE-2022-29862",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-29862"
},
{
"cve": "CVE-2022-29864",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-29864"
}
]
}
GHSA-RV49-VPF7-3H48
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01
VLAI?
Details
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2022-1160"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T19:15:00Z",
"severity": "HIGH"
},
"details": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.",
"id": "GHSA-rv49-vpf7-3h48",
"modified": "2022-04-06T00:01:48Z",
"published": "2022-03-31T00:00:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1160"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…