VYPR

rpm package

almalinux/vim-data

pkg:rpm/almalinux/vim-data

Vulnerabilities (9)

  • CVE-2026-41411 (Med), Apr 24, 2026
    affected < 2:9.1.083-9.el10_2.4, fixed 2:9.1.083-9.el10_2.4

    Vim is an open source, command line text editor. Prior to 9.2.0357, a command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcar

  • CVE-2026-35177 (Med), Apr 6, 2026
    affected < 2:9.1.083-9.el10_2.3, fixed 2:9.1.083-9.el10_2.3

    Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in

  • CVE-2026-34982 (Hig), Apr 6, 2026
    affected < 2:9.1.083-6.el10_1.4, fixed 2:9.1.083-6.el10_1.4

    Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a

  • CVE-2026-33412, Mar 24, 2026
    affected < 2:9.1.083-6.el10_1.3, fixed 2:9.1.083-6.el10_1.3

    Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary sh

  • CVE-2026-28421, Feb 27, 2026
    affected < 2:9.1.083-6.el10_1.3, fixed 2:9.1.083-6.el10_1.3

    Vim is an open source, command line text editor. In versions prior to 9.2.0077, a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.

  • CVE-2026-28417, Feb 27, 2026
    affected < 2:9.1.083-6.el10_1.3, fixed 2:9.1.083-6.el10_1.3

    Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute

  • CVE-2026-25749 (Med), Feb 6, 2026
    affected < 2:9.1.083-6.el10_1.1, fixed 2:9.1.083-6.el10_1.1

    Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When process

  • CVE-2025-53906 (Med), Jul 15, 2025
    affected < 2:9.1.083-5.el10_0.1, fixed 2:9.1.083-5.el10_0.1

    Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. Ho

  • CVE-2025-53905, Jul 15, 2025
    affected < 2:9.1.083-5.el10_0.1, fixed 2:9.1.083-5.el10_0.1

    Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. Ho