{"id":"USN-6026-1","summary":"vim vulnerabilities","details":"It was discovered that Vim was incorrectly processing Vim buffers. An      \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges.\nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges.\nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read.\nAn attacker could possibly use this issue to expose sensitive information.\n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow.\nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code.\n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n","modified":"2026-02-10T04:43:05Z","published":"2023-04-19T08:57:30Z","related":["UBUNTU-CVE-2021-4166","UBUNTU-CVE-2021-4192","UBUNTU-CVE-2021-4193","UBUNTU-CVE-2022-0213","UBUNTU-CVE-2022-0261","UBUNTU-CVE-2022-0318","UBUNTU-CVE-2022-0319","UBUNTU-CVE-2022-0351","UBUNTU-CVE-2022-0359","UBUNTU-CVE-2022-0361","UBUNTU-CVE-2022-0368","UBUNTU-CVE-2022-0408","UBUNTU-CVE-2022-0443","UBUNTU-CVE-2022-0554","UBUNTU-CVE-2022-0572","UBUNTU-CVE-2022-0629","UBUNTU-CVE-2022-0685","UBUNTU-CVE-2022-0714","UBUNTU-CVE-2022-0729","UBUNTU-CVE-2022-2207"],"upstream":["CVE-2021-4166","CVE-2021-4192","CVE-2021-4193","CVE-2022-0213","CVE-2022-0261","CVE-2022-0318","CVE-2022-0319","CVE-2022-0351","CVE-2022-0359","CVE-2022-0361","CVE-2022-0368","CVE-2022-0408","CVE-2022-0443","CVE-2022-0554","CVE-2022-0572","CVE-2022-0629","CVE-2022-0685","CVE-2022-0714","CVE-2022-0729","CVE-2022-2207","UBUNTU-CVE-2021-4166","UBUNTU-CVE-2021-4192","UBUNTU-CVE-2021-4193","UBUNTU-CVE-2022-0213","UBUNTU-CVE-2022-0261","UBUNTU-CVE-2022-0318","UBUNTU-CVE-2022-0319","UBUNTU-CVE-2022-0351","UBUNTU-CVE-2022-0359","UBUNTU-CVE-2022-0361","UBUNTU-CVE-2022-0368","UBUNTU-CVE-2022-0408","UBUNTU-CVE-2022-0443","UBUNTU-CVE-2022-0554","UBUNTU-CVE-2022-0572","UBUNTU-CVE-2022-0629","UBUNTU-CVE-2022-0685","UBUNTU-CVE-2022-0714","UBUNTU-CVE-2022-0729","UBUNTU-CVE-2022-2207"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6026-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-4166"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-4192"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-4193"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0213"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0261"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0318"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0319"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0351"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0359"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0361"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0368"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0408"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0443"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0554"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0572"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0629"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0685"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0714"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0729"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-2207"}],"affected":[{"package":{"name":"vim","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/vim@2:7.4.052-1ubuntu3.1+esm9?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.4.052-1ubuntu3.1+esm9"}]}],"versions":["2:7.4.000-1ubuntu2","2:7.4.052-1ubuntu1","2:7.4.052-1ubuntu2","2:7.4.052-1ubuntu3","2:7.4.052-1ubuntu3.1","2:7.4.052-1ubuntu3.1+esm1","2:7.4.052-1ubuntu3.1+esm3","2:7.4.052-1ubuntu3.1+esm4","2:7.4.052-1ubuntu3.1+esm5","2:7.4.052-1ubuntu3.1+esm6","2:7.4.052-1ubuntu3.1+esm7","2:7.4.052-1ubuntu3.1+esm8"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim-athena"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim-common"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim-gnome"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim-gtk"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim-gui-common"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim-lesstif"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim-nox"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim-runtime"},{"binary_version":"2:7.4.052-1ubuntu3.1+esm9","binary_name":"vim-tiny"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2021-4192","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-4193","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-0213","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0319","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0351","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0359","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0408","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0443","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-0554","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0572","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0685","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0714","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0729","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-2207","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6026-1.json"}},{"package":{"name":"vim","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/vim@2:8.0.1453-1ubuntu1.13?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.0.1453-1ubuntu1.13"}]}],"versions":["2:8.0.0197-4ubuntu5","2:8.0.1144-1ubuntu1","2:8.0.1401-1ubuntu1","2:8.0.1401-1ubuntu2","2:8.0.1401-1ubuntu3","2:8.0.1453-1ubuntu1","2:8.0.1453-1ubuntu1.1","2:8.0.1453-1ubuntu1.3","2:8.0.1453-1ubuntu1.4","2:8.0.1453-1ubuntu1.6","2:8.0.1453-1ubuntu1.7","2:8.0.1453-1ubuntu1.8","2:8.0.1453-1ubuntu1.9","2:8.0.1453-1ubuntu1.10","2:8.0.1453-1ubuntu1.11","2:8.0.1453-1ubuntu1.12"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim-athena"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim-common"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim-gnome"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim-gtk"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim-gtk3"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim-gui-common"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim-nox"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim-runtime"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"vim-tiny"},{"binary_version":"2:8.0.1453-1ubuntu1.13","binary_name":"xxd"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2021-4192","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-4193","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-0213","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0261","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0318","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0319","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0351","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0359","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0361","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0368","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0408","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0443","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-0554","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0572","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0685","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0714","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0729","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-2207","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6026-1.json"}},{"package":{"name":"vim","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/vim@2:8.1.2269-1ubuntu5.14?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.1.2269-1ubuntu5.14"}]}],"versions":["2:8.1.0875-5ubuntu2","2:8.1.0875-5ubuntu3","2:8.1.0875-5ubuntu4","2:8.1.2269-1ubuntu1","2:8.1.2269-1ubuntu4","2:8.1.2269-1ubuntu5","2:8.1.2269-1ubuntu5.3","2:8.1.2269-1ubuntu5.4","2:8.1.2269-1ubuntu5.6","2:8.1.2269-1ubuntu5.7","2:8.1.2269-1ubuntu5.8","2:8.1.2269-1ubuntu5.9","2:8.1.2269-1ubuntu5.11","2:8.1.2269-1ubuntu5.12","2:8.1.2269-1ubuntu5.13"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"vim"},{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"vim-athena"},{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"vim-common"},{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"vim-gtk"},{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"vim-gtk3"},{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"vim-gui-common"},{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"vim-nox"},{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"vim-runtime"},{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"vim-tiny"},{"binary_version":"2:8.1.2269-1ubuntu5.14","binary_name":"xxd"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2021-4166","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-4192","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-4193","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-0213","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0261","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0318","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0319","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0351","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0359","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0361","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0368","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0408","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0443","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-0554","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0572","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0629","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0685","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0714","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0729","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-2207","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6026-1.json"}},{"package":{"name":"vim","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/vim@2:8.2.3995-1ubuntu2.7?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.2.3995-1ubuntu2.7"}]}],"versions":["2:8.2.2434-3ubuntu3","2:8.2.2434-3ubuntu4","2:8.2.3565-1ubuntu1","2:8.2.3565-1ubuntu2","2:8.2.3565-1ubuntu3","2:8.2.3565-1ubuntu5","2:8.2.3995-1ubuntu1","2:8.2.3995-1ubuntu2","2:8.2.3995-1ubuntu2.1","2:8.2.3995-1ubuntu2.3","2:8.2.3995-1ubuntu2.4","2:8.2.3995-1ubuntu2.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"vim"},{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"vim-athena"},{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"vim-common"},{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"vim-gtk"},{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"vim-gtk3"},{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"vim-gui-common"},{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"vim-nox"},{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"vim-runtime"},{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"vim-tiny"},{"binary_version":"2:8.2.3995-1ubuntu2.7","binary_name":"xxd"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2022-0213","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0261","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0318","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0319","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0351","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0359","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0361","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0368","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0408","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0443","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-0554","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0572","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0629","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0685","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0714","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-0729","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2022-2207","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6026-1.json"}}],"schema_version":"1.7.3"}