VYPR

rpm package

almalinux/vim-common

pkg:rpm/almalinux/vim-common

Vulnerabilities (33)

  • CVE-2026-35177 | Med | Apr 6, 2026
    affected < 2:9.1.083-9.el10_2.3 | fixed 2:9.1.083-9.el10_2.3

    Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in

  • CVE-2026-34982 | Hig | Apr 6, 2026
    affected < 2:8.0.1763-22.el8_10.3 | fixed 2:8.0.1763-22.el8_10.3

    Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a

  • CVE-2026-33412 | Mar 24, 2026
    affected < 2:8.0.1763-22.el8_10.1 | fixed 2:8.0.1763-22.el8_10.1

    Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary sh

  • CVE-2026-28421 | Feb 27, 2026
    affected < 2:8.0.1763-22.el8_10.1 | fixed 2:8.0.1763-22.el8_10.1

    Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.

  • CVE-2026-28417 | Feb 27, 2026
    affected < 2:8.0.1763-22.el8_10.1 | fixed 2:8.0.1763-22.el8_10.1

    Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute

  • CVE-2026-25749 | Feb 6, 2026
    affected < 2:8.0.1763-22.el8_10 | fixed 2:8.0.1763-22.el8_10

    Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When process

  • CVE-2025-53906 | Med | Jul 15, 2025
    affected < 2:8.0.1763-21.el8_10 | fixed 2:8.0.1763-21.el8_10

    Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. Ho

  • CVE-2025-53905 | Jul 15, 2025
    affected < 2:8.0.1763-21.el8_10 | fixed 2:8.0.1763-21.el8_10

    Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. Ho

  • CVE-2023-4752 | Sep 4, 2023
    affected < 2:8.2.2637-22.el9_6 | fixed 2:8.2.2637-22.el9_6

    Use After Free in GitHub repository vim/vim prior to 9.0.1858.

  • CVE-2022-47024 | Jan 20, 2023
    affected < 2:8.2.2637-20.el9_1 | fixed 2:8.2.2637-20.el9_1

    A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 through 9.0.0339 that allows attackers to cause denial of service or other unspecified impacts.

  • CVE-2022-1927 | May 29, 2022
    affected < 2:8.0.1763-19.el8_6.4 | fixed 2:8.0.1763-19.el8_6.4

    Buffer Over-read in GitHub repository vim/vim prior to 8.2.

  • CVE-2022-1897 | May 27, 2022
    affected < 2:8.0.1763-19.el8_6.4 | fixed 2:8.0.1763-19.el8_6.4

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

  • CVE-2022-1785 | May 19, 2022
    affected < 2:8.0.1763-19.el8_6.4 | fixed 2:8.0.1763-19.el8_6.4

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.

  • CVE-2022-1629 | May 10, 2022
    affected < 2:8.2.2637-16.el9_0.2 | fixed 2:8.2.2637-16.el9_0.2

    Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution.

  • CVE-2022-1621 | May 9, 2022
    affected < 2:8.2.2637-16.el9_0.2 | fixed 2:8.2.2637-16.el9_0.2

    Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.

  • CVE-2022-1420 | Apr 21, 2022
    affected < 2:8.2.2637-16.el9_0.2 | fixed 2:8.2.2637-16.el9_0.2

    Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

  • CVE-2022-1154 | Mar 30, 2022
    affected < 2:8.0.1763-16.el8_5.13 | fixed 2:8.0.1763-16.el8_5.13

    Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

  • CVE-2022-0943 | Mar 14, 2022
    affected < 2:8.2.2637-16.el9_0.2 | fixed 2:8.2.2637-16.el9_0.2

    Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.

  • CVE-2022-0554 | Feb 10, 2022
    affected < 2:8.2.2637-16.el9_0.2 | fixed 2:8.2.2637-16.el9_0.2

    Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

  • CVE-2022-0413 | Jan 30, 2022
    affected < 2:8.0.1763-16.el8_5.12 | fixed 2:8.0.1763-16.el8_5.12

    Use After Free in GitHub repository vim/vim prior to 8.2.

Page 1 of 2