rpm package
almalinux/xxd
pkg:rpm/almalinux/xxd
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41411 | Med | 6.6 | | < 2:9.1.083-9.el10_2.4 | 2:9.1.083-9.el10_2.4 | Apr 24, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0357, a command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcar |
| CVE-2026-35177 | Med | 4.1 | | < 2:9.1.083-9.el10_2.3 | 2:9.1.083-9.el10_2.3 | Apr 6, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in |
| CVE-2026-34982 | Hig | 8.2 | | < 2:9.1.083-9.el10_2.2 | 2:9.1.083-9.el10_2.2 | Apr 6, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a |
| CVE-2026-33412 | — | | | < 2:9.1.083-6.el10_1.3 | 2:9.1.083-6.el10_1.3 | Mar 24, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary sh |
| CVE-2026-28421 | — | | | < 2:9.1.083-6.el10_1.3 | 2:9.1.083-6.el10_1.3 | Feb 27, 2026 | Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2. |
| CVE-2026-28417 | — | | | < 2:9.1.083-6.el10_1.3 | 2:9.1.083-6.el10_1.3 | Feb 27, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute |
| CVE-2026-25749 | Med | 6.6 | | < 2:9.1.083-6.el10_1.1 | 2:9.1.083-6.el10_1.1 | Feb 6, 2026 | Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When process |
| CVE-2025-53906 | Med | 4.1 | | < 2:9.1.083-6.el10_1 | 2:9.1.083-6.el10_1 | Jul 15, 2025 | Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. Ho |
| CVE-2025-53905 | — | | | < 2:9.1.083-6.el10_1 | 2:9.1.083-6.el10_1 | Jul 15, 2025 | Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. Ho |