According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3973, CVE-2021-3984, CVE-2021-4019)

  - vim is vulnerable to Use After Free (CVE-2021-3974, CVE-2021-4069)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3973 advisory.

  - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3973)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2021-005 advisory.

    vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3927)

    A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3928)

    A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3968)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3973)

    A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3974)

    A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially     crafted file, leading to a crash or code execution. The highest threat from this vulnerability is     confidentiality, integrity, and system availability. (CVE-2021-3984)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2102-1 advisory.

    - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
    - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
    - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
    - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
    - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
    - CVE-2021-3974: Fixed use-after-free (bsc#1192904).
    - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).
    - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
    - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
    - CVE-2021-4192: Fixed use-after-free (bsc#1194217).
    - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
    - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
    - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
    - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
    - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
    - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
    - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
    - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
    - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
    - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
    - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
    - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
    - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
    - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
    - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
    - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
    - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
    - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
    - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
    - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
    - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
    - CVE-2022-1898: Fixed use-after-free (bsc#1200011).
    - CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1728 advisory.

    2024-05-09: CVE-2020-20703 was added to this advisory.

    Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the     operand parameter. (CVE-2020-20703)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3778)

    A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to     memory corruption and a potentially exploitable crash or code execution. The highest threat from this     vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3796)

    An out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows     an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-     bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system     availability. (CVE-2021-3872)

    There's an out-of-bounds read flaw in Vim's ex_docmd.c. An attacker who is capable of tricking a user into     opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially     causing an impact to application availability. (CVE-2021-3875)

    A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3968)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3973)

    A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3974)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1557 advisory.

    2024-05-09: CVE-2020-20703 was added to this advisory.

    Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the     operand parameter. (CVE-2020-20703)

    vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3927)

    A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to data confidentiality and integrity as well as system availability. (CVE-2021-3928)

    A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3968)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3973)

    A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is     to system availability. (CVE-2021-3974)

    A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially     crafted file, leading to a crash or code execution. The highest threat from this vulnerability is     confidentiality, integrity, and system availability. (CVE-2021-3984)

    A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a     specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability     is system availability. (CVE-2021-4019)

    vim is vulnerable to Use After Free (CVE-2021-4069)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4136)

    A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4166)

    A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4173)

    A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a     specially crafted file leading to a crash or code execution. (CVE-2021-4187)

    It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially     crafted file in vim could crash the vim process or possibly lead to other undefined behaviors.
    (CVE-2021-4192)

    It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file     could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2947 advisory.

    Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows,     out-of-bounds reads and Null pointer dereferences may lead to a denial of service (application crash) or     other unspecified impact. For Debian 9 stretch, these problems have been fixed in version     2:8.0.0197-4+deb9u5. We recommend that you upgrade your vim packages. For the detailed security status of     vim please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vim Further     information about Debian LTS security advisories, how to apply these updates to your system and frequently     asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
159943	EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-1479)	Nessus	Huawei Local Security Checks	4/20/2022	11/1/2023	high
172828	CBL Mariner 2.0 Security Update: vim (CVE-2021-3973)	Nessus	MarinerOS Local Security Checks	3/20/2023	2/10/2025	high
212471	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2021-005)	Nessus	Amazon Linux Local Security Checks	12/11/2024	12/12/2024	high
162382	SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:2102-1)	Nessus	SuSE Local Security Checks	6/17/2022	9/24/2025	critical
155982	Amazon Linux 2 : vim (ALAS-2021-1728)	Nessus	Amazon Linux Local Security Checks	12/10/2021	12/11/2024	critical
156877	Amazon Linux AMI : vim (ALAS-2022-1557)	Nessus	Amazon Linux Local Security Checks	1/20/2022	12/11/2024	critical
158978	Debian DLA-2947-1 : vim - LTS security update	Nessus	Debian Local Security Checks	3/16/2022	1/24/2025	high

Detections

Analytics

Plugins Search

high

high

high

critical

critical

critical

high