vim (SUSE:Linux Enterprise Server 12 SP2-BCL) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP2-BCL package vim, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (126)
CVE-2017-5953 — CVSS 9.8 (critical): vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer…
CVE-2017-6349 — CVSS 9.8 (critical): An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate…
CVE-2017-6350 — CVSS 9.8 (critical): An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly…
CVE-2019-12735 — CVSS 8.6 (high): getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command…
CVE-2016-1248 — CVSS 7.8 (high): vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the…
CVE-2022-4141 — CVSS 7.8 (high): Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the…
CVE-2022-1381 — CVSS 7.8 (high): global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing…
CVE-2022-1616 — CVSS 7.8 (high): Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass…
CVE-2022-1619 — CVSS 7.8 (high): Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable…
CVE-2022-1720 — CVSS 7.8 (high): Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the…
CVE-2022-1620 — CVSS 7.5 (high): NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer…
CVE-2009-0316 — CVSS 6.9 (medium): Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute…
CVE-2017-17087 — CVSS 5.5 (medium): fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the…
CVE-2019-20807 — CVSS 5.3 (medium): In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g…
CVE-2022-3705 — CVSS 5.0 (medium): A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file…
CVE-2021-46059: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation…