Page 37 of 210 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. VSCodeVim versiones anteriores a 1.19.0, permite a atacantes ejecutar código arbitrario por medio de una configuración de workspace diseñada • https://github.com/VSCodeVim/Vim/commit/939df0e7fd55a9840dbd4fb3c907315e2a5ef446 https://marketplace.visualstudio.com/items?itemName=vscodevim.vim https://vuln.ryotak.me/advisories/9 •

CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). En Vim versiones anteriores a 8.1.0881, los usuarios pueden omitir el modo restringido rvim y ejecutar comandos arbitrarios de Sistema Operativo por medio de interfaces de scripting (por ejemplo, Python, Ruby o Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS commands. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html http://seclists.org/fulldisclosure/2020/Jul/24 https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 https://github.com/vim/vim/releases/tag/v8.1.0881 https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://support.apple.com/kb/HT211289 https://usn.ubuntu.com/4582-1 https://www.starwindsoftware.com/security/sw-20220812-0003 https://access.redhat.com/security/cve/CVE-2019&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. La funcionalidad autocmd en el archivo window.c en Vim versiones anteriores a la versión 8.1.2136, accede a la memoria liberada. • https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136 https://packetstormsecurity.com/files/154898 https://usn.ubuntu.com/4309-1 • CWE-416: Use After Free •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository. El plugin JetBrains Vim anterior a la versión 0.52, estaba almacenando datos individuales del proyecto en el archivo global vim_settings.xml. Este archivo xml podría ser sincronizado en un repositorio de GitHub de acceso público. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 5

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. El archivo getchar.c en Vim anterior a versión 8.1.1365 y Neovim anterior a versión 0.3.6 permite a los atacantes remotos ejecutar comandos arbitrarios del sistema operativo por medio de: comando source! en el componente modeline, como es demostrado por la ejecución en Vim, y assert_fails o nvim_input en Neovim. It was found that the `:source! • https://www.exploit-db.com/exploits/46973 https://github.com/oldthree3/CVE-2019-12735-VIM-NEOVIM https://github.com/st9007a/CVE-2019-12735 https://github.com/datntsec/CVE-2019-12735 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html http://l • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •