65 matches found

AlmaLinux
added 2026/06/03 12:0 a.m., 9 views

Moderate: vim security update

Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass (CVE-2026-35177). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

CVSS 7.1 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 4

Redos
added 2026/05/24 12:0 a.m., 13 views

ROS-20260524-73-0036

A vulnerability in the zip.vim plugin of the vim text editor is related to an incorrect restriction of the path name of a restricted directory. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

CVSS 7.1 | AI score 6.1 | EPSS 0.00126
Exploits: 0

OSV
added 2026/05/20 10:11 a.m., 14 views

CLSA-2026-1779271865 vim: Fix of 2 CVEs

CVE-2026-35177: fix path traversal in zip.vim — block .. components via simplify in zipWrite and zipExtract upstream vim 9.2.0280 + CVE-2025-53906 prereq combined...

CVSS 7.1 | AI score 6.4 | EPSS 0.00731
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/06 8:47 p.m., 5 views

CVE-2026-35177

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

CVSS 7.1 | AI score 6 | EPSS 0.00126
Exploits: 0 | References: 4

OSV
added 2026/04/06 6:16 p.m., 3 views

UBUNTU-CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

CVSS 7.1 | AI score 5.9 | EPSS 0.00126
Exploits: 0 | References: 5

CVE
added 2026/04/06 5:54 p.m., 78 views

CVE-2026-35177

CVE-2026-35177 affects Vim with the zip.vim plugin prior to 9.2.0280. The issue is a path traversal bypass that can overwrite arbitrary files when opening crafted zip archives, circumventing the prior fix for CVE-2025-53906. The vulnerability is fixed in Vim 9.2.0280. Connected sources also note ...

CVSS 7.1 | AI score 6.8 | EPSS 0.00126
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/06 5:54 p.m., 2 views

CVE-2026-35177 Path traversal issue with zip.vim in Vim

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

CVSS 4.1 | AI score 6 | EPSS 0.00126
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/06 5:54 p.m., 9 views

CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

CVSS 4.1 | AI score 6.8 | EPSS 0.00731
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/04/06 5:35 p.m., 5 views

MGASA-2026-0083 Updated vim packages fix security vulnerabilities

Vim modeline bypass via various options affects Vim 9.2.0276. CVE-2026-34982 Path traversal issue with zip.vim in Vim v9.2.0280. CVE-2026-35177...

CVSS 8.2 | AI score 6 | EPSS 0.0047
Exploits: 0 | References: 7

Mageia
added 2026/04/06 5:35 p.m., 7 views

Updated vim packages fix security vulnerabilities

Vim modeline bypass via various options affects Vim 9.2.0276. CVE-2026-34982 Path traversal issue with zip.vim in Vim v9.2.0280. CVE-2026-35177...

CVSS 8.2 | AI score 6 | EPSS 0.0047
Exploits: 0 | References: 6

CNNVD
added 2026/04/06 12:0 a.m., 8 views

Vim path traversal vulnerability

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0280 contained a path traversal vulnerability. This vulnerability stemmed from a path traversal bypass issue in the zip.vim plugin, which could potentially overwrite any file when opening...

CVSS 7.1 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/02 12:0 a.m., 5 views

PT-2026-29691

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0280. Description: A path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives. This circumvents a previous fix. Recommendations: Update to version...

CVSS 7.1 | AI score 5.9 | EPSS 0.00126
Exploits: 0 | References: 46

Tenable Nessus
added 2026/03/15 12:0 a.m., 7 views

Unity Linux 20.1070e Security Update: vim (UTSA-2026-006149)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006149 advisory. Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's zip.vim plugin can allow overwriting of arbitrary files wh...

CVSS 4.1 | AI score 6.1 | EPSS 0.00731
Exploits: 1 | References: 4

Tenable Nessus
added 2026/03/15 12:0 a.m., 9 views

Unity Linux 20.1070e Security Update: vim (UTSA-2026-006145)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006145 advisory. Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a use...

CVSS 4.4 | AI score 5.7 | EPSS 0.00342
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/31 12:0 a.m., 5 views

EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2026-1150)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow...

CVSS 7.8 | AI score 5.1 | EPSS 0.00731
Exploits: 3 | References: 8

Tenable Nessus
added 2025/11/12 12:0 a.m., 3 views

EulerOS 2.0 SP10 : vim (EulerOS-SA-2025-2432)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of...

CVSS 4.1 | AI score 7.2 | EPSS 0.00731
Exploits: 2 | References: 3

Tenable Nessus
added 2025/11/12 12:0 a.m., 1 views

EulerOS 2.0 SP10 : vim (EulerOS-SA-2025-2404)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of...

CVSS 4.1 | AI score 7.2 | EPSS 0.00731
Exploits: 2 | References: 3

Tenable Nessus
added 2025/10/24 12:0 a.m., 3 views

EulerOS 2.0 SP13 : vim (EulerOS-SA-2025-2314)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of...

CVSS 4.1 | AI score 7.2 | EPSS 0.00731
Exploits: 2 | References: 3

OpenVAS
added 2025/10/13 12:0 a.m., 2 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2025-2219)

The remote host is missing an update for the Huawei EulerOS...

CVSS 4.1 | AI score 6.7 | EPSS 0.00731
Exploits: 2 | References: 2

Tenable Nessus
added 2025/10/11 12:0 a.m., 4 views

EulerOS 2.0 SP11 : vim (EulerOS-SA-2025-2251)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's zip.vim plugin can allow overwriting of...

CVSS 4.1 | AI score 7.2 | EPSS 0.00731
Exploits: 2 | References: 3