Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:1361412562311220222671HistoryNov 03, 2022 - 12:00 a.m.
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2671)
2022-11-0300:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
12
huawei euleros
security advisory
vim
vulnerabilities
update
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.002
Percentile
53.0%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2022.2671");
script_cve_id("CVE-2022-2257", "CVE-2022-2289", "CVE-2022-2522", "CVE-2022-2571", "CVE-2022-2598", "CVE-2022-2845", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-3016");
script_tag(name:"creation_date", value:"2022-11-03 04:26:17 +0000 (Thu, 03 Nov 2022)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-09-01 19:38:01 +0000 (Thu, 01 Sep 2022)");
script_name("Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2671)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP10");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2022-2671");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2022-2671");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'vim' package(s) announced via the EulerOS-SA-2022-2671 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Use After Free in GitHub repository vim/vim prior to 9.0.0286.(CVE-2022-3016)
Use After Free in GitHub repository vim/vim prior to 9.0.0246.(CVE-2022-2946)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.(CVE-2022-2923)
Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218.(CVE-2022-2845)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.(CVE-2022-2571)
Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.(CVE-2022-2598)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060.(CVE-2022-2522)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.(CVE-2022-2257)
Use After Free in GitHub repository vim/vim prior to 9.0.(CVE-2022-2289)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.(CVE-2022-2980)");
script_tag(name:"affected", value:"'vim' package(s) on Huawei EulerOS V2.0SP10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP10") {
if(!isnull(res = isrpmvuln(pkg:"vim-common", rpm:"vim-common~8.2~1.h53.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-enhanced", rpm:"vim-enhanced~8.2~1.h53.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-filesystem", rpm:"vim-filesystem~8.2~1.h53.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"vim-minimal", rpm:"vim-minimal~8.2~1.h53.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2022-2923)
2022-12-28 00:00:00
EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-2703)
2022-11-02 00:00:00
EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-2671)
2022-11-02 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2703)
2022-11-03 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2923)
2022-12-30 00:00:00
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2949)
2022-12-30 00:00:00
redos
redos
ROS-20220909-01
2022-09-09 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: vim-9.0.246-1.fc35
2022-09-01 09:56:13
[SECURITY] Fedora 37 Update: vim-9.0.412-1.fc37
2022-09-14 00:28:23
[SECURITY] Fedora 36 Update: vim-9.0.049-1.fc36
2022-07-14 01:49:09
slackware
slackware
[slackware-security] vim
2022-08-26 04:17:25
[slackware-security] vim
2022-08-30 19:41:07
cbl_mariner
cbl_mariner
CVE-2022-2257 affecting package vim for versions less than 9.0.0050-2
2022-08-03 21:15:04
CVE-2022-2289 affecting package vim 8.2.5172-1
2022-08-12 16:45:08
CVE-2022-2257 affecting package vim 8.2.5172-1
2022-08-12 16:45:08
alpinelinux
alpinelinux
cve
cve
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2022-06-30 21:15:00
Cross site scripting
2022-08-01 15:15:00
Null pointer dereference
2022-08-25 20:15:00
cvelist
cvelist
CVE-2022-2257 Out-of-bounds Read in vim/vim
2022-06-30 00:00:00
CVE-2022-2289 Use After Free in vim/vim
2022-07-03 00:00:00
CVE-2022-2980 NULL Pointer Dereference in vim/vim
2022-08-25 00:00:00
nvd
nvd
huntr
huntr
Out-of-bound read in function msg_outtrans_special
2022-06-28 00:59:19
Use After Free in function get_next_valid_entry
2022-08-26 07:49:27
Undefined behavior in diff_write_buffer()
2022-07-15 06:15:10
veracode
veracode
Out-of-Bounds Read
2022-08-12 23:30:12
Denial Of Service (DoS)
2022-08-11 06:30:47
Denial Of Service (DoS)
2022-09-14 17:46:51
cnvd
cnvd
Vim Buffer Overflow Vulnerability (CNVD-2022-68095)
2022-07-04 00:00:00
vim diff_write_buffer function buffer overflow vulnerability
2022-08-04 00:00:00
vim code issue vulnerability (CNVD-2022-68089)
2022-08-30 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
osv
osv
amazon
amazon
Low: vim
2022-10-17 21:46:00
cloudlinux
cloudlinux
Fixed CVEs in vim: CVE-2022-2289, CVE-2022-2304
2022-07-26 16:42:23
Fixed CVEs in vim: CVE-2022-2845, CVE-2022-2849
2022-08-25 15:52:44
suse
suse
Security update for vim (important)
2022-09-09 00:00:00
ubuntu
ubuntu
Vim vulnerabilities
2023-08-21 00:00:00
Vim vulnerabilities
2023-04-04 00:00:00
cloudfoundry
cloudfoundry
USN-6302-1: Vim vulnerabilities | Cloud Foundry
2023-10-05 00:00:00
USN-5995-1: Vim vulnerabilities | Cloud Foundry
2023-04-24 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0380
2023-04-25 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0568
2023-04-19 00:00:00
ibm
ibm
mageia
mageia
Updated vim packages fix security vulnerability
2022-11-19 01:50:51
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.002
Percentile
53.0%
Related for OPENVAS:1361412562311220222671