
CVSS: 7.8 | EPSS: 0% | CPEs: 5 | EXPL: 1

27 Oct 2021 — vim is vulnerable to Heap-based Buffer Overflow. It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. • http://www.openwall.com/lists/oss-security/2022/01/15/1 • CWE-122: Heap-based Buffer Overflow; CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 1

19 Oct 2021 — vim is vulnerable to Heap-based Buffer Overflow. An out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. Red Hat Single Sign-On is an integrated sign-on solution, a... • https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 1

15 Oct 2021 — vim is vulnerable to Heap-based Buffer Overflow. Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected. • http://www.openwall.com/lists/oss-security/2022/01/15/1 • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 6 | EXPL: 1

15 Sep 2021 — vim is vulnerable to Heap-based Buffer Overflow. A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tric... • http://www.openwall.com/lists/oss-security/2021/10/01/1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 8.2 | EPSS: 0% | CPEs: 6 | EXPL: 1

15 Sep 2021 — vim is vulnerable to Use After Free. A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into ope... • http://www.openwall.com/lists/oss-security/2021/10/01/1 • CWE-416: Use After Free

CVSS: 8.6 | EPSS: 0% | CPEs: 5 | EXPL: 1

06 Sep 2021 — vim is vulnerable to Heap-based Buffer Overflow. Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Brian Carpenter discovered that vim... • http://www.openwall.com/lists/oss-security/2021/10/01/1 • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

05 Apr 2021 — VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. • https://github.com/VSCodeVim/Vim/commit/939df0e7fd55a9840dbd4fb3c907315e2a5ef446

CVSS: 5.3 | EPSS: 0% | CPEs: 9 | EXPL: 0

28 May 2020 — In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

30 Dec 2019 — The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. It was discovered that Vim incorrectly handled certain sources. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. It was discovered that Vim incorrectly handled certain files. • https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 • CWE-416: Use After Free

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Oct 2019 — The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-922: Insecure Storage of Sensitive Information