rpm package
opensuse/vim&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/vim&distro=openSUSE%20Tumbleweed
Vulnerabilities (121)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-39881 | Med | 5.0 | < 9.2.0398-1.1 | 9.2.0398-1.1 | Apr 8, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and special | |
| CVE-2026-34982 | Hig | 8.2 | < 9.2.0398-1.1 | 9.2.0398-1.1 | Apr 6, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a | |
| CVE-2026-34714 | Cri | 9.2 | < 9.2.0398-1.1 | 9.2.0398-1.1 | Mar 30, 2026 | Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE. | |
| CVE-2026-33412 | — | < 9.2.0398-1.1 | 9.2.0398-1.1 | Mar 24, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary sh | ||
| CVE-2023-4751 | — | < 9.0.1894-1.1 | 9.0.1894-1.1 | Sep 3, 2023 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. | ||
| CVE-2023-4738 | — | < 9.0.1894-1.1 | 9.0.1894-1.1 | Sep 2, 2023 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. | ||
| CVE-2023-4735 | — | < 9.0.1894-1.1 | 9.0.1894-1.1 | Sep 2, 2023 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. | ||
| CVE-2023-4734 | — | < 9.0.1894-1.1 | 9.0.1894-1.1 | Sep 2, 2023 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. | ||
| CVE-2023-2609 | — | < 9.0.1538-1.1 | 9.0.1538-1.1 | May 9, 2023 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. | ||
| CVE-2023-2426 | — | < 9.0.1504-1.1 | 9.0.1504-1.1 | Apr 29, 2023 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | ||
| CVE-2023-1355 | — | < 9.0.1430-1.1 | 9.0.1430-1.1 | Mar 11, 2023 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. | ||
| CVE-2023-1264 | — | < 9.0.1392-1.1 | 9.0.1392-1.1 | Mar 7, 2023 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | ||
| CVE-2023-1175 | — | < 9.0.1392-1.1 | 9.0.1392-1.1 | Mar 4, 2023 | Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | ||
| CVE-2023-1127 | — | < 9.0.1367-1.1 | 9.0.1367-1.1 | Mar 1, 2023 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | ||
| CVE-2022-3352 | — | < 9.0.0626-1.1 | 9.0.0626-1.1 | Sep 29, 2022 | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | ||
| CVE-2022-3235 | — | < 9.0.0500-1.1 | 9.0.0500-1.1 | Sep 18, 2022 | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | ||
| CVE-2022-3234 | — | < 9.0.0500-1.1 | 9.0.0500-1.1 | Sep 17, 2022 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | ||
| CVE-2022-3153 | — | < 9.0.0453-2.1 | 9.0.0453-2.1 | Sep 8, 2022 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. | ||
| CVE-2022-3134 | — | < 9.0.0453-1.1 | 9.0.0453-1.1 | Sep 6, 2022 | Use After Free in GitHub repository vim/vim prior to 9.0.0389. | ||
| CVE-2022-3099 | — | < 9.0.0453-1.1 | 9.0.0453-1.1 | Sep 3, 2022 | Use After Free in GitHub repository vim/vim prior to 9.0.0360. |
- affected < 9.2.0398-1.1fixed 9.2.0398-1.1
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and special
- affected < 9.2.0398-1.1fixed 9.2.0398-1.1
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a
- affected < 9.2.0398-1.1fixed 9.2.0398-1.1
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
- CVE-2026-33412Mar 24, 2026affected < 9.2.0398-1.1fixed 9.2.0398-1.1
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary sh
- CVE-2023-4751Sep 3, 2023affected < 9.0.1894-1.1fixed 9.0.1894-1.1
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
- CVE-2023-4738Sep 2, 2023affected < 9.0.1894-1.1fixed 9.0.1894-1.1
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
- CVE-2023-4735Sep 2, 2023affected < 9.0.1894-1.1fixed 9.0.1894-1.1
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
- CVE-2023-4734Sep 2, 2023affected < 9.0.1894-1.1fixed 9.0.1894-1.1
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
- CVE-2023-2609May 9, 2023affected < 9.0.1538-1.1fixed 9.0.1538-1.1
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
- CVE-2023-2426Apr 29, 2023affected < 9.0.1504-1.1fixed 9.0.1504-1.1
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
- CVE-2023-1355Mar 11, 2023affected < 9.0.1430-1.1fixed 9.0.1430-1.1
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.
- CVE-2023-1264Mar 7, 2023affected < 9.0.1392-1.1fixed 9.0.1392-1.1
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
- CVE-2023-1175Mar 4, 2023affected < 9.0.1392-1.1fixed 9.0.1392-1.1
Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
- CVE-2023-1127Mar 1, 2023affected < 9.0.1367-1.1fixed 9.0.1367-1.1
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
- CVE-2022-3352Sep 29, 2022affected < 9.0.0626-1.1fixed 9.0.0626-1.1
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
- CVE-2022-3235Sep 18, 2022affected < 9.0.0500-1.1fixed 9.0.0500-1.1
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
- CVE-2022-3234Sep 17, 2022affected < 9.0.0500-1.1fixed 9.0.0500-1.1
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
- CVE-2022-3153Sep 8, 2022affected < 9.0.0453-2.1fixed 9.0.0453-2.1
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
- CVE-2022-3134Sep 6, 2022affected < 9.0.0453-1.1fixed 9.0.0453-1.1
Use After Free in GitHub repository vim/vim prior to 9.0.0389.
- CVE-2022-3099Sep 3, 2022affected < 9.0.0453-1.1fixed 9.0.0453-1.1
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
Page 1 of 7