vim (SUSE:Linux Enterprise Micro 5.2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Micro 5.2 package vim, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2026-34714 — CVSS 9.2 (critical): Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because…
CVE-2025-55157 — CVSS 8.8 (high): Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script…
CVE-2025-55158 — CVSS 8.8 (high): Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9…
CVE-2026-34982 — CVSS 8.2 (high): Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command…
CVE-2022-4141 — CVSS 7.8 (high): Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the…
CVE-2024-22667 — CVSS 7.8 (high): Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is…
CVE-2022-0351 — CVSS 7.8 (high): Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-1381 — CVSS 7.8 (high): global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing…
CVE-2022-1616 — CVSS 7.8 (high): Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass…
CVE-2022-1619 — CVSS 7.8 (high): Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable…
CVE-2022-1720 — CVSS 7.8 (high): Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the…
CVE-2022-1620 — CVSS 7.5 (high): NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer…
CVE-2026-33412 — CVSS 5.6 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob()…
CVE-2017-17087 — CVSS 5.5 (medium): fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the…
CVE-2026-26269 — CVSS 5.4 (medium): Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans…
CVE-2026-28419 — CVSS 5.3 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags…
CVE-2026-28421 — CVSS 5.3 (medium): Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV)…
CVE-2022-3705 — CVSS 5.0 (medium): A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file…
CVE-2024-43802 — CVSS 4.5 (medium): Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead…
CVE-2024-43790 — CVSS 4.5 (medium): Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S)…
CVE-2024-45306 — CVSS 4.5 (medium): Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that…
CVE-2026-28418 — CVSS 4.4 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's…
CVE-2025-29768 — CVSS 4.4 (medium): Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The…
CVE-2026-28420 — CVSS 4.4 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ…
CVE-2026-28417 — CVSS 4.4 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw`…
CVE-2025-22134 — CVSS 4.2 (medium): When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because…
CVE-2024-41965 — CVSS 4.2 (medium): Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask…
CVE-2025-24014 — CVSS 4.2 (medium): Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim…
CVE-2025-53905 — CVSS 4.1 (medium): Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow…
CVE-2025-53906 — CVSS 4.1 (medium): Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow…
CVE-2023-46246 — CVSS 4.0 (medium): Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in…
CVE-2023-48231 — CVSS 3.9 (low): Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation…
CVE-2023-48232 — CVSS 3.9 (low): Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines…
CVE-2023-48706 — CVSS 3.6 (low): Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very…
CVE-2023-48237 — CVSS 2.8 (low): Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large…
CVE-2023-48236 — CVSS 2.8 (low): Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT…
CVE-2023-48235 — CVSS 2.8 (low): Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically…
CVE-2023-48233 — CVSS 2.8 (low): Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable…
CVE-2023-48234 — CVSS 2.8 (low): Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given…
CVE-2025-1215 — CVSS 2.8 (low): A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c…
CVE-2026-28422 — CVSS 2.2 (low): Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when…
CVE-2021-46059: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation…