rpm package

opensuse/vim&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/vim&distro=openSUSE%20Tumbleweed

Vulnerabilities (121)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-0413		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 30, 2022	Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0408		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 30, 2022	Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0393		—	< 8.2.4286-1.1	8.2.4286-1.1	Jan 28, 2022	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0392		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 28, 2022	Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
CVE-2022-0368		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 26, 2022	Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0361		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 26, 2022	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0359		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 26, 2022	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0351		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 25, 2022	Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-0319		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 21, 2022	Out-of-bounds Read in vim/vim prior to 8.2.
CVE-2022-0318		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 21, 2022	Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVE-2022-0261		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 18, 2022	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0213		—	< 9.0.0453-2.1	9.0.0453-2.1	Jan 14, 2022	vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0156		—	< 8.2.4063-1.1	8.2.4063-1.1	Jan 10, 2022	vim is vulnerable to Use After Free
CVE-2019-12735		—	< 8.2.3408-1.2	8.2.3408-1.2	Jun 5, 2019	getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
CVE-2017-1000382	Med	5.5	< 8.2.3408-1.2	8.2.3408-1.2	Oct 31, 2017	VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
CVE-2017-6350	Cri	9.8	< 8.2.3408-1.2	8.2.3408-1.2	Feb 27, 2017	An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
CVE-2017-6349	Cri	9.8	< 8.2.3408-1.2	8.2.3408-1.2	Feb 27, 2017	An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
CVE-2017-5953	Cri	9.8	< 8.2.3408-1.2	8.2.3408-1.2	Feb 10, 2017	vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
CVE-2009-0316		—	< 8.0.130-1.1	8.0.130-1.1	Jan 28, 2009	Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-59
CVE-2007-2953		—	< 8.2.3408-1.2	8.2.3408-1.2	Jul 31, 2007	Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

CVE-2022-0413Jan 30, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0408Jan 30, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0393Jan 28, 2022
affected < 8.2.4286-1.1fixed 8.2.4286-1.1
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0392Jan 28, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
CVE-2022-0368Jan 26, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0361Jan 26, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0359Jan 26, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0351Jan 25, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-0319Jan 21, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Out-of-bounds Read in vim/vim prior to 8.2.
CVE-2022-0318Jan 21, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVE-2022-0261Jan 18, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0213Jan 14, 2022
affected < 9.0.0453-2.1fixed 9.0.0453-2.1
vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0156Jan 10, 2022
affected < 8.2.4063-1.1fixed 8.2.4063-1.1
vim is vulnerable to Use After Free
CVE-2019-12735Jun 5, 2019
affected < 8.2.3408-1.2fixed 8.2.3408-1.2
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
CVE-2017-1000382MedOct 31, 2017
affected < 8.2.3408-1.2fixed 8.2.3408-1.2
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
CVE-2017-6350CriFeb 27, 2017
affected < 8.2.3408-1.2fixed 8.2.3408-1.2
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
CVE-2017-6349CriFeb 27, 2017
affected < 8.2.3408-1.2fixed 8.2.3408-1.2
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
CVE-2017-5953CriFeb 10, 2017
affected < 8.2.3408-1.2fixed 8.2.3408-1.2
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
CVE-2009-0316Jan 28, 2009
affected < 8.0.130-1.1fixed 8.0.130-1.1
Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-59
CVE-2007-2953Jul 31, 2007
affected < 8.2.3408-1.2fixed 8.2.3408-1.2
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

Page 6 of 7