CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3778 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3778
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un desbordamiento del búfer en la región Heap de la memoria A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/10/01/1 https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4 https://lists.fedo • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3796 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2021-3796
vim is vulnerable to Use After Free vim es vulnerable a un Uso de memoria Previamente Liberada A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/10/01/1 https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4 https://lists.fedo • CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 1CVE-2021-3770 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3770
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un Desbordamiento del Búfer en la región Heap de la memoria. • http://www.openwall.com/lists/oss-security/2021/10/01/1 https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28832
https://notcve.org/view.php?id=CVE-2021-28832
VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. VSCodeVim versiones anteriores a 1.19.0, permite a atacantes ejecutar código arbitrario por medio de una configuración de workspace diseñada • https://github.com/VSCodeVim/Vim/commit/939df0e7fd55a9840dbd4fb3c907315e2a5ef446 https://marketplace.visualstudio.com/items?itemName=vscodevim.vim https://vuln.ryotak.me/advisories/9 •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20807 – vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode
https://notcve.org/view.php?id=CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). En Vim versiones anteriores a 8.1.0881, los usuarios pueden omitir el modo restringido rvim y ejecutar comandos arbitrarios de Sistema Operativo por medio de interfaces de scripting (por ejemplo, Python, Ruby o Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS commands. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html http://seclists.org/fulldisclosure/2020/Jul/24 https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 https://github.com/vim/vim/releases/tag/v8.1.0881 https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://support.apple.com/kb/HT211289 https://usn.ubuntu.com/4582-1 https://www.starwindsoftware.com/security/sw-20220812-0003 https://access.redhat.com/security/cve/CVE-2019&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •