CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20807 – vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode
https://notcve.org/view.php?id=CVE-2019-20807
28 May 2020 — In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). En Vim versiones anteriores a 8.1.0881, los usuarios pueden omitir el modo restringido rvim y ejecutar comandos arbitrarios de Sistema Operativo por medio de interfaces de scripting (por ejemplo, Python, Ruby o Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 56%CPEs: 2EXPL: 7CVE-2019-12735 – Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2019-12735
05 Jun 2019 — getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. El archivo getchar.c en Vim anterior a versión 8.1.1365 y Neovim anterior a versión 0.3.6 permite a los atacantes remotos ejecutar comandos arbitrarios del sistema operativo por medio de: comando source! en el componente modeline, como es demostrado por la ejecución en Vim, y asse... • https://www.exploit-db.com/exploits/46973 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-17087 – Ubuntu Security Notice USN-5147-1
https://notcve.org/view.php?id=CVE-2017-17087
01 Dec 2017 — fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. fileio.c en Vim en versiones anteriores a la 8.0.1263 establece la pr... • http://openwall.com/lists/oss-security/2017/11/27/2 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000382
https://notcve.org/view.php?id=CVE-2017-1000382
31 Oct 2017 — VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. VIM en la versión 8.0.1187 (y, muy probablemente, en otras versiones) ignora la máscara de usuario cuando se crea un archivo swap ("[ORIGINAL_FILENAME].swp"), lo que da como resultado archivos que podrían ser legibles por cualquier usuario o accesibles de formas n... • http://security.cucumberlinux.com/security/details.php?id=120 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6349 – Gentoo Linux Security Advisory 201706-26
https://notcve.org/view.php?id=CVE-2017-6349
27 Feb 2017 — An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. Un desbordamiento de entero en un sitio de asignación de memoria u_read_undo ocurriría para vim en versiones anteriores al parche 8.0.0377, si no valida correctamente los valores de longitud del árbol de decisión, al leer un archivo desecho corrompido, lo que puede resul... • http://www.securityfocus.com/bid/96451 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6350 – Gentoo Linux Security Advisory 201706-26
https://notcve.org/view.php?id=CVE-2017-6350
27 Feb 2017 — An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. Un desbordamiento de entero en un sitio de asignación de memoria unserialize_uep ocurriría para vim en versiones anteriores al parche 8.0.0378, si no valida correctamente los valores de longitud del arból de decisión, al leer un archivo desecho corrompido, lo que pu... • http://www.securityfocus.com/bid/96448 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5953 – Ubuntu Security Notice USN-4016-1
https://notcve.org/view.php?id=CVE-2017-5953
10 Feb 2017 — vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. vim en versiones anteriores a patch 8.0.0322 no valida adecuadamente los valores para la longitud del árbol cuando maneja un archivo spell, lo que puede resultar en un desbordamiento de entero en un sitio de asignación de memoria y un desbordamiento de búfer resultante. It was discovered that Vim incorrect... • http://www.debian.org/security/2017/dsa-3786 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 23%CPEs: 2EXPL: 0CVE-2016-1248 – vim: Lack of validation of values for few options results in code exection
https://notcve.org/view.php?id=CVE-2016-1248
23 Nov 2016 — vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. vim en versiones anteriores a patch 8.0.0056 no valida correctamente los valores para las opciones 'filetype', 'syntax' y 'keymap', lo que puede resulta en la ejecución de código arbitrario si se abre un archivo con una línea de modo especialmente manipulada. A vulnerability was found in vim i... • http://openwall.com/lists/oss-security/2016/11/22/20 • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 2CVE-2008-3074 – plugin: improper Implementation of shellescape() (arbitrary code execution)
https://notcve.org/view.php?id=CVE-2008-3074
21 Feb 2009 — The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incompl... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 5%CPEs: 17EXPL: 2CVE-2008-3075 – plugin: improper Implementation of shellescape() (arbitrary code execution)
https://notcve.org/view.php?id=CVE-2008-3075
21 Feb 2009 — The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 • CWE-94: Improper Control of Generation of Code ('Code Injection') •