Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-4734 (GCVE-0-2023-4734)
Vulnerability from cvelistv5 – Published: 2023-09-02 17:42 – Updated: 2025-02-13 17:17
VLAI
EPSS
Title
Integer Overflow or Wraparound in vim/vim
Summary
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
Severity
7.8 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1846",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T19:07:01.812Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217"
},
{
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "688e4382-d2b6-439a-a54e-484780f82217",
"discovery": "EXTERNAL"
},
"title": "Integer Overflow or Wraparound in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4734",
"datePublished": "2023-09-02T17:42:18.019Z",
"dateReserved": "2023-09-02T17:42:08.125Z",
"dateUpdated": "2025-02-13T17:17:58.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-4734",
"date": "2026-06-07",
"epss": "0.00036",
"percentile": "0.11242"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-4734\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2023-09-02T18:15:17.127\",\"lastModified\":\"2024-11-21T08:35:51.477\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.\"},{\"lang\":\"es\",\"value\":\"Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub vim/vim version anterior a 9.0.1846.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.1846\",\"matchCriteriaId\":\"CD174B25-7E00-4526-BFAB-ABD283C72975\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.1\",\"matchCriteriaId\":\"2BB2BFC1-74A1-4178-8488-69EC5A60B34F\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/24\",\"source\":\"security@huntr.dev\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213984\",\"source\":\"security@huntr.dev\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]}]}}"
}
}
Title
Уязвимость функции f_fullcommand текстового редактора vim , вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции f_fullcommand текстового редактора vim вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код
Severity
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», АО «ИВК», АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), vim, АЛЬТ СП 10, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), - (Альт 8 СП), 9 (Red Hat Enterprise Linux), до 9.0.1846 (vim), - (АЛЬТ СП 10), до 2.9 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для vim:
https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5
https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-4734
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2023-4734
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения vim до версии 2:9.0.2116-1
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217
https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5
https://security-tracker.debian.org/tracker/CVE-2023-4734
https://access.redhat.com/security/cve/CVE-2023-4734
https://altsp.su/obnovleniya-bezopasnosti/
https://altsp.su/obnovleniya-bezopasnosti/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-190
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 9 (Red Hat Enterprise Linux), \u0434\u043e 9.0.1846 (vim), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f vim:\nhttps://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5\n\nhttps://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-4734\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2023-4734\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f vim \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2:9.0.2116-1\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.09.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.09.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-05671",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-4734",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), vim, \u0410\u041b\u042c\u0422 \u0421\u041f 10, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat Inc. Red Hat Enterprise Linux 9 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 f_fullcommand \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 vim , \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 f_fullcommand \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 vim \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217\nhttps://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5\nhttps://security-tracker.debian.org/tracker/CVE-2023-4734\nhttps://access.redhat.com/security/cve/CVE-2023-4734\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
CERTFR-2023-AVI-0890
Vulnerability from certfr_avis - Published: 2023-10-26 - Updated: 2023-10-26
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
D'après l'éditeur, la vulnérabilité CVE-2023-32434 est activement exploitée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.1 | ||
| Apple | N/A | iPadOS versions 16.x antérieures à 16.7.2 | ||
| Apple | N/A | iOS versions 16.x antérieures à 16.7.2 | ||
| Apple | N/A | iOS versions antérieures à iOS 15.7 | ||
| Apple | N/A | iPadOS versions 17.x antérieures à 17.1 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.6.1 | ||
| Apple | macOS | macOS Monterey versions antérieures à 12.7.1 | ||
| Apple | N/A | iOS versions 15.x antérieures à 15.8 | ||
| Apple | Safari | Safari versions antérieures à 17.1 | ||
| Apple | N/A | iOS versions 17.x antérieures à 17.1 | ||
| Apple | N/A | iPadOS versions 15.x antérieures à 15.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 16.x ant\u00e9rieures \u00e0 16.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 16.x ant\u00e9rieures \u00e0 16.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 iOS 15.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 17.x ant\u00e9rieures \u00e0 17.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.6.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.7.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 15.x ant\u00e9rieures \u00e0 15.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 17.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 17.x ant\u00e9rieures \u00e0 17.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 15.x ant\u00e9rieures \u00e0 15.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40447"
},
{
"name": "CVE-2023-40445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40445"
},
{
"name": "CVE-2023-40404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40404"
},
{
"name": "CVE-2023-41989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41989"
},
{
"name": "CVE-2023-41977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41977"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2023-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41254"
},
{
"name": "CVE-2023-40421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40421"
},
{
"name": "CVE-2023-42844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42844"
},
{
"name": "CVE-2023-42849",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42849"
},
{
"name": "CVE-2023-42846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42846"
},
{
"name": "CVE-2023-40416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40416"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38403"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2023-41997",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41997"
},
{
"name": "CVE-2023-42845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42845"
},
{
"name": "CVE-2023-40423",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40423"
},
{
"name": "CVE-2023-42841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42841"
},
{
"name": "CVE-2023-42438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42438"
},
{
"name": "CVE-2023-40401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40401"
},
{
"name": "CVE-2023-40408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40408"
},
{
"name": "CVE-2023-42850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42850"
},
{
"name": "CVE-2023-4750",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4750"
},
{
"name": "CVE-2023-40413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40413"
},
{
"name": "CVE-2023-41077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41077"
},
{
"name": "CVE-2023-42847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42847"
},
{
"name": "CVE-2023-42861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42861"
},
{
"name": "CVE-2023-32359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32359"
},
{
"name": "CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"name": "CVE-2023-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41072"
},
{
"name": "CVE-2023-40405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40405"
},
{
"name": "CVE-2023-40449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40449"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-42842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42842"
},
{
"name": "CVE-2023-4733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4733"
},
{
"name": "CVE-2023-4736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4736"
},
{
"name": "CVE-2023-42857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42857"
},
{
"name": "CVE-2023-40444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40444"
},
{
"name": "CVE-2023-41982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41982"
},
{
"name": "CVE-2023-42854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42854"
},
{
"name": "CVE-2023-42856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42856"
},
{
"name": "CVE-2023-40425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40425"
},
{
"name": "CVE-2023-41975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41975"
},
{
"name": "CVE-2023-32434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32434"
},
{
"name": "CVE-2023-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41983"
},
{
"name": "CVE-2023-41988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41988"
},
{
"name": "CVE-2023-41976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41976"
}
],
"initial_release_date": "2023-10-26T00:00:00",
"last_revision_date": "2023-10-26T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0890",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\nD\u0027apr\u00e8s l\u0027\u00e9diteur, la vuln\u00e9rabilit\u00e9 C\u003cspan class=\"mx_EventTile_body\"\ndir=\"auto\"\u003eVE-2023-32434 est activement exploit\u00e9e.\u003c/span\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213982 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213990 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213990"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213983 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213983"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213981 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213981"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213984 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213986 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213986"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213985 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213985"
}
]
}
CERTFR-2025-AVI-0585
Vulnerability from certfr_avis - Published: 2025-07-11 - Updated: 2025-07-11
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 8.1.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.30.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2022-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
},
{
"name": "CVE-2022-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2024-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
},
{
"name": "CVE-2021-25317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25317"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2022-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2022-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
},
{
"name": "CVE-2023-7216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7216"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2022-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2022-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
},
{
"name": "CVE-2022-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
},
{
"name": "CVE-2022-2889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2020-12413",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12413"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2022-3324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
},
{
"name": "CVE-2024-45306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2015-1197",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1197"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
},
{
"name": "CVE-2024-29040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
},
{
"name": "CVE-2017-1000383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000383"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2022-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2022-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
},
{
"name": "CVE-2022-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2021-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2022-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
},
{
"name": "CVE-2022-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2022-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2022-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
},
{
"name": "CVE-2022-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2022-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2022-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2022-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
},
{
"name": "CVE-2021-45261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45261"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2022-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
},
{
"name": "CVE-2022-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2023-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2022-4292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2022-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
},
{
"name": "CVE-2022-2129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-27151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27151"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2025-52968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52968"
},
{
"name": "CVE-2022-3037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2023-7207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7207"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2022-4141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
},
{
"name": "CVE-2022-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
}
],
"initial_release_date": "2025-07-11T00:00:00",
"last_revision_date": "2025-07-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35935",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35935"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35934",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35934"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35931",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35931"
}
]
}
CERTFR-2025-AVI-0693
Vulnerability from certfr_avis - Published: 2025-08-14 - Updated: 2025-08-14
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Valkey versions 8.1.x ant\u00e9rieures \u00e0 8.1.3",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2022-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
},
{
"name": "CVE-2022-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7545"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2022-47008",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2022-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2022-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
},
{
"name": "CVE-2022-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2022-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2022-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2022-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
},
{
"name": "CVE-2022-2889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2022-47007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2021-45078",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
},
{
"name": "CVE-2023-2222",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2222"
},
{
"name": "CVE-2022-3324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2024-45306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2025-1152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1152"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2022-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
},
{
"name": "CVE-2024-29040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2022-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
},
{
"name": "CVE-2022-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
},
{
"name": "CVE-2022-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2022-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2021-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2022-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2022-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
},
{
"name": "CVE-2022-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2022-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2022-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2022-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
},
{
"name": "CVE-2022-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2022-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2022-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2021-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
},
{
"name": "CVE-2022-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2022-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2022-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
},
{
"name": "CVE-2022-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2023-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-47010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-57360",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57360"
},
{
"name": "CVE-2022-4292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2022-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2022-2129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2025-1150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1150"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5245"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2022-47011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
},
{
"name": "CVE-2022-3037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2025-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1153"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2022-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2025-3198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3198"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2022-4141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
},
{
"name": "CVE-2022-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2021-20197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20197"
},
{
"name": "CVE-2025-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1151"
},
{
"name": "CVE-2025-7546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7546"
},
{
"name": "CVE-2023-1579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1579"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
}
],
"initial_release_date": "2025-08-14T00:00:00",
"last_revision_date": "2025-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0693",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36036",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36036"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36035",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36035"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36038",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36038"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36037",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36037"
}
]
}
Title
Vim输入验证错误漏洞
Description
Vim是一款跨平台的文本编辑器。
Vim 9.0.1846之前版本存在输入验证错误漏洞,该漏洞源于存在整数溢出或环绕问题。远程攻击者可利用该漏洞通过发送恶意的HTTP或HTTPS请求,以root用户权限执行任意的shell命令。
Severity
高
Patch Name
Vim输入验证错误漏洞的补丁
Patch Description
Vim是一款跨平台的文本编辑器。
Vim 9.0.1846之前版本存在输入验证错误漏洞,该漏洞源于存在整数溢出或环绕问题。远程攻击者可利用该漏洞通过发送恶意的HTTP或HTTPS请求,以root用户权限执行任意的shell命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-4734
Impacted products
| Name | Vim Vim <9.0.1846 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-4734",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-4734"
}
},
"description": "Vim\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u6587\u672c\u7f16\u8f91\u5668\u3002\n\nVim 9.0.1846\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6216\u73af\u7ed5\u95ee\u9898\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684HTTP\u6216HTTPS\u8bf7\u6c42\uff0c\u4ee5root\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u7684shell\u547d\u4ee4\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-70066",
"openTime": "2023-09-14",
"patchDescription": "Vim\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u6587\u672c\u7f16\u8f91\u5668\u3002\r\n\r\nVim 9.0.1846\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6216\u73af\u7ed5\u95ee\u9898\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684HTTP\u6216HTTPS\u8bf7\u6c42\uff0c\u4ee5root\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u7684shell\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Vim\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Vim Vim \u003c9.0.1846"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-4734",
"serverity": "\u9ad8",
"submitTime": "2023-09-13",
"title": "Vim\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}
FKIE_CVE-2023-4734
Vulnerability from fkie_nvd - Published: 2023-09-02 18:15 - Updated: 2024-11-21 08:35
Severity
Summary
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | http://seclists.org/fulldisclosure/2023/Oct/24 | Mailing List, Third Party Advisory | |
| security@huntr.dev | https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 | Patch | |
| security@huntr.dev | https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217 | Exploit, Patch, Third Party Advisory | |
| security@huntr.dev | https://support.apple.com/kb/HT213984 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Oct/24 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT213984 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD174B25-7E00-4526-BFAB-ABD283C72975",
"versionEndExcluding": "9.0.1846",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB2BFC1-74A1-4178-8488-69EC5A60B34F",
"versionEndExcluding": "14.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846."
},
{
"lang": "es",
"value": "Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub vim/vim version anterior a 9.0.1846."
}
],
"id": "CVE-2023-4734",
"lastModified": "2024-11-21T08:35:51.477",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-02T18:15:17.127",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217"
},
{
"source": "security@huntr.dev",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213984"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
GHSA-424W-J4HF-8CGP
Vulnerability from github – Published: 2023-09-02 18:30 – Updated: 2023-09-02 18:30
VLAI
Details
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-4734"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-02T18:15:17Z",
"severity": "HIGH"
},
"details": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.",
"id": "GHSA-424w-j4hf-8cgp",
"modified": "2023-09-02T18:30:16Z",
"published": "2023-09-02T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4734"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-4734
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-4734",
"id": "GSD-2023-4734"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-4734"
],
"details": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.",
"id": "GSD-2023-4734",
"modified": "2023-12-13T01:20:26.778385Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-4734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "9.0.1846"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-190",
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217"
},
{
"name": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5"
},
{
"name": "https://support.apple.com/kb/HT213984",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT213984"
},
{
"name": "http://seclists.org/fulldisclosure/2023/Oct/24",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
]
},
"source": {
"advisory": "688e4382-d2b6-439a-a54e-484780f82217",
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD174B25-7E00-4526-BFAB-ABD283C72975",
"versionEndExcluding": "9.0.1846",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB2BFC1-74A1-4178-8488-69EC5A60B34F",
"versionEndExcluding": "14.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846."
},
{
"lang": "es",
"value": "Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub vim/vim version anterior a 9.0.1846."
}
],
"id": "CVE-2023-4734",
"lastModified": "2023-12-21T02:52:18.850",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-02T18:15:17.127",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217"
},
{
"source": "security@huntr.dev",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213984"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
}
}
}
MSRC_CVE-2023-4734
Vulnerability from csaf_microsoft - Published: 2023-09-01 00:00 - Updated: 2023-09-04 00:00Summary
Integer Overflow or Wraparound in vim/vim
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4734 Integer Overflow or Wraparound in vim/vim - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-4734.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Integer Overflow or Wraparound in vim/vim",
"tracking": {
"current_release_date": "2023-09-04T00:00:00.000Z",
"generator": {
"date": "2025-12-27T17:14:15.640Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-4734",
"initial_release_date": "2023-09-01T00:00:00.000Z",
"revision_history": [
{
"date": "2023-09-04T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 vim 9.0.1897-1",
"product": {
"name": "\u003ccbl2 vim 9.0.1897-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 vim 9.0.1897-1",
"product": {
"name": "cbl2 vim 9.0.1897-1",
"product_id": "18317"
}
}
],
"category": "product_name",
"name": "vim"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 vim 9.0.1897-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 vim 9.0.1897-1 as a component of CBL Mariner 2.0",
"product_id": "18317-17086"
},
"product_reference": "18317",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4734",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "general",
"text": "@huntrdev",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18317-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4734 Integer Overflow or Wraparound in vim/vim - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-4734.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-04T00:00:00.000Z",
"details": "9.0.1897-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "Integer Overflow or Wraparound in vim/vim"
}
]
}
OPENSUSE-SU-2024:13226-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
gvim-9.0.1894-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: gvim-9.0.1894-1.1 on GA media
Description of the patch: These are all security issues fixed in the gvim-9.0.1894-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13226
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gvim-9.0.1894-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gvim-9.0.1894-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13226",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13226-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4734 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4735 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4738 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4751 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4751/"
}
],
"title": "gvim-9.0.1894-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13226-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-1.1.aarch64",
"product": {
"name": "gvim-9.0.1894-1.1.aarch64",
"product_id": "gvim-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-1.1.aarch64",
"product": {
"name": "vim-9.0.1894-1.1.aarch64",
"product_id": "vim-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.1894-1.1.aarch64",
"product": {
"name": "vim-data-9.0.1894-1.1.aarch64",
"product_id": "vim-data-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.1894-1.1.aarch64",
"product": {
"name": "vim-data-common-9.0.1894-1.1.aarch64",
"product_id": "vim-data-common-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-1.1.aarch64",
"product": {
"name": "vim-small-9.0.1894-1.1.aarch64",
"product_id": "vim-small-9.0.1894-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xxd-9.0.1894-1.1.aarch64",
"product": {
"name": "xxd-9.0.1894-1.1.aarch64",
"product_id": "xxd-9.0.1894-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-1.1.ppc64le",
"product": {
"name": "gvim-9.0.1894-1.1.ppc64le",
"product_id": "gvim-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-1.1.ppc64le",
"product": {
"name": "vim-9.0.1894-1.1.ppc64le",
"product_id": "vim-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.1894-1.1.ppc64le",
"product": {
"name": "vim-data-9.0.1894-1.1.ppc64le",
"product_id": "vim-data-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.1894-1.1.ppc64le",
"product": {
"name": "vim-data-common-9.0.1894-1.1.ppc64le",
"product_id": "vim-data-common-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-1.1.ppc64le",
"product": {
"name": "vim-small-9.0.1894-1.1.ppc64le",
"product_id": "vim-small-9.0.1894-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xxd-9.0.1894-1.1.ppc64le",
"product": {
"name": "xxd-9.0.1894-1.1.ppc64le",
"product_id": "xxd-9.0.1894-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-1.1.s390x",
"product": {
"name": "gvim-9.0.1894-1.1.s390x",
"product_id": "gvim-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-1.1.s390x",
"product": {
"name": "vim-9.0.1894-1.1.s390x",
"product_id": "vim-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.1894-1.1.s390x",
"product": {
"name": "vim-data-9.0.1894-1.1.s390x",
"product_id": "vim-data-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.1894-1.1.s390x",
"product": {
"name": "vim-data-common-9.0.1894-1.1.s390x",
"product_id": "vim-data-common-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-1.1.s390x",
"product": {
"name": "vim-small-9.0.1894-1.1.s390x",
"product_id": "vim-small-9.0.1894-1.1.s390x"
}
},
{
"category": "product_version",
"name": "xxd-9.0.1894-1.1.s390x",
"product": {
"name": "xxd-9.0.1894-1.1.s390x",
"product_id": "xxd-9.0.1894-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.0.1894-1.1.x86_64",
"product": {
"name": "gvim-9.0.1894-1.1.x86_64",
"product_id": "gvim-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.0.1894-1.1.x86_64",
"product": {
"name": "vim-9.0.1894-1.1.x86_64",
"product_id": "vim-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-data-9.0.1894-1.1.x86_64",
"product": {
"name": "vim-data-9.0.1894-1.1.x86_64",
"product_id": "vim-data-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.0.1894-1.1.x86_64",
"product": {
"name": "vim-data-common-9.0.1894-1.1.x86_64",
"product_id": "vim-data-common-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.0.1894-1.1.x86_64",
"product": {
"name": "vim-small-9.0.1894-1.1.x86_64",
"product_id": "vim-small-9.0.1894-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xxd-9.0.1894-1.1.x86_64",
"product": {
"name": "xxd-9.0.1894-1.1.x86_64",
"product_id": "xxd-9.0.1894-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64"
},
"product_reference": "gvim-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le"
},
"product_reference": "gvim-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x"
},
"product_reference": "gvim-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64"
},
"product_reference": "gvim-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64"
},
"product_reference": "vim-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le"
},
"product_reference": "vim-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x"
},
"product_reference": "vim-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64"
},
"product_reference": "vim-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64"
},
"product_reference": "vim-data-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le"
},
"product_reference": "vim-data-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x"
},
"product_reference": "vim-data-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64"
},
"product_reference": "vim-data-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64"
},
"product_reference": "vim-data-common-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le"
},
"product_reference": "vim-data-common-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x"
},
"product_reference": "vim-data-common-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64"
},
"product_reference": "vim-data-common-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64"
},
"product_reference": "vim-small-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le"
},
"product_reference": "vim-small-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x"
},
"product_reference": "vim-small-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64"
},
"product_reference": "vim-small-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.0.1894-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64"
},
"product_reference": "xxd-9.0.1894-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.0.1894-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le"
},
"product_reference": "xxd-9.0.1894-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.0.1894-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x"
},
"product_reference": "xxd-9.0.1894-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.0.1894-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
},
"product_reference": "xxd-9.0.1894-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4734"
}
],
"notes": [
{
"category": "general",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4734",
"url": "https://www.suse.com/security/cve/CVE-2023-4734"
},
{
"category": "external",
"summary": "SUSE Bug 1214925 for CVE-2023-4734",
"url": "https://bugzilla.suse.com/1214925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-4734"
},
{
"cve": "CVE-2023-4735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4735"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4735",
"url": "https://www.suse.com/security/cve/CVE-2023-4735"
},
{
"category": "external",
"summary": "SUSE Bug 1214924 for CVE-2023-4735",
"url": "https://bugzilla.suse.com/1214924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-4735"
},
{
"cve": "CVE-2023-4738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4738"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4738",
"url": "https://www.suse.com/security/cve/CVE-2023-4738"
},
{
"category": "external",
"summary": "SUSE Bug 1214922 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1214922"
},
{
"category": "external",
"summary": "SUSE Bug 1217411 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1217411"
},
{
"category": "external",
"summary": "SUSE Bug 1218353 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1218353"
},
{
"category": "external",
"summary": "SUSE Bug 1221583 for CVE-2023-4738",
"url": "https://bugzilla.suse.com/1221583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4738"
},
{
"cve": "CVE-2023-4751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4751"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4751",
"url": "https://www.suse.com/security/cve/CVE-2023-4751"
},
{
"category": "external",
"summary": "SUSE Bug 1214921 for CVE-2023-4751",
"url": "https://bugzilla.suse.com/1214921"
},
{
"category": "external",
"summary": "SUSE Bug 1221583 for CVE-2023-4751",
"url": "https://bugzilla.suse.com/1221583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:gvim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-data-common-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:vim-small-9.0.1894-1.1.x86_64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.aarch64",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.ppc64le",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.s390x",
"openSUSE Tumbleweed:xxd-9.0.1894-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4751"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…