9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.6%
Software: vim 8.0.1763
OS: ROSA Virtualization 2.1
package_evr_string: vim-8.0.1763-19.rv3.4.src.rpm
CVE-ID: CVE-2021-3796
BDU-ID: 2021-05417
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the nv_replace() function of the VIM text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denial of service using a specially crafted file
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update vim command
CVE-ID: CVE-2021-3778
BDU-ID: 2021-05633
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the utf_ptr2char() function of the VIM text editor is related to a write operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code or cause a denial of service using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: Execute the yum update vim command to close.
CVE-ID: CVE-2021-3872
BDU-ID: 2021-06188
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the vim drawscreen.c win_redr_status() function of the Vim text editor is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a heap-based buffer overflow using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command
CVE-ID: CVE-2021-3984
BDU-ID: 2022-05501
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Vim text editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command
CVE-ID: CVE-2021-4019
BDU-ID: 2022-05500
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Vim text editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command
CVE-ID: CVE-2021-4193
BDU-ID: 2022-05970
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the getvcol function of the src/charset.c component of the Vim text editor is related to an end-of-line exit when /%V is used. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command.
CVE-ID: CVE-2021-4192
BDU-ID: 2022-00980
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the win_linetabsize() function of the vim text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to impact the confidentiality integrity of information availability
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update vim command
CVE-ID: CVE-2022-0261
BDU-ID: 2022-00990
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the block_insert() function (src/ops.c) is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a buffer overflow
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command
CVE-ID: CVE-2022-0318
BDU-ID: 2022-00982
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the utf_head_off() function (mbyte.c) of the vim text editor is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a buffer overflow
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command
CVE-ID: CVE-2022-0359
BDU-ID: 2022-00988
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the init_ccline() (ex_getln.c) function of the vim text editor is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a buffer overflow
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update vim command
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.6%