CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6350
https://notcve.org/view.php?id=CVE-2017-6350
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. Un desbordamiento de entero en un sitio de asignación de memoria unserialize_uep ocurriría para vim en versiones anteriores al parche 8.0.0378, si no valida correctamente los valores de longitud del arból de decisión, al leer un archivo desecho corrompido, lo que puede resultar en un desbordamiento de búfer. • http://www.securityfocus.com/bid/96448 http://www.securitytracker.com/id/1037949 https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75 https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y https://security.gentoo.org/glsa/201706-26 https://usn.ubuntu.com/4309-1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5953
https://notcve.org/view.php?id=CVE-2017-5953
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. vim en versiones anteriores a patch 8.0.0322 no valida adecuadamente los valores para la longitud del árbol cuando maneja un archivo spell, lo que puede resultar en un desbordamiento de entero en un sitio de asignación de memoria y un desbordamiento de búfer resultante. • http://www.debian.org/security/2017/dsa-3786 http://www.securityfocus.com/bid/96217 https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY https://security.gentoo.org/glsa/201706-26 https://usn.ubuntu.com/4016-1 https://usn.ubuntu.com/4309-1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 81%CPEs: 2EXPL: 0CVE-2016-1248 – vim: Lack of validation of values for few options results in code exection
https://notcve.org/view.php?id=CVE-2016-1248
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. vim en versiones anteriores a patch 8.0.0056 no valida correctamente los valores para las opciones 'filetype', 'syntax' y 'keymap', lo que puede resulta en la ejecución de código arbitrario si se abre un archivo con una línea de modo especialmente manipulada. A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. • http://openwall.com/lists/oss-security/2016/11/22/20 http://rhn.redhat.com/errata/RHSA-2016-2972.html http://www.debian.org/security/2016/dsa-3722 http://www.securityfocus.com/bid/94478 http://www.securitytracker.com/id/1037338 http://www.ubuntu.com/usn/USN-3139-1 https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040 https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a& • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •
CVSS: 9.3EPSS: 0%CPEs: 33EXPL: 0CVE-2010-3914
https://notcve.org/view.php?id=CVE-2010-3914
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en VIM Development Group GVim anterior a v7.3.034, y posiblemente versiones anteriores a v7.3.46, permite a usuarios locales, y posiblemente atacantes remotos, la ejecución de código de su elección y llevar a cabo ataques de secuestro DLL a través de un troyano User32.dll u otra que se ubica en la misma carpeta que un archivo TXT. Nota: algunos de estos detalles han sido obtenidos a partir de información de terceros. • ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034 http://jvn.jp/en/jp/JVN27868039/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html http://secunia.com/advisories/42084 http://www.securityfocus.com/bid/44588 •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 3CVE-2008-6235 – plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-6235
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. El plugin Netrw (netrw.vim) en Vim v7.0 y v7.1 permite a atacantes asistidos por el usuario ejecutar comandos de su elección a través de metacaracteres de línea de comandos en un fichero utilizado por (1) comando "D" (borrar) o (2) variable b:netrw_curdir, como ha sido demostrado utilizando los casos de prueba netrw.v4 y netrw.v5. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/34418 http://www.openwall.com/lists/oss-security/2008/10/16/2 http://www.openwall.com/lists/oss-security/2008/10/20/2 http://www.rdancer.org/vulnerablevim-netrw.html http://www.rdancer.org/vulnerablevim-netrw.v2.html http://www.rdancer.org/vulnerablevim-netrw.v5.html http://www.redhat.com/support/errata/RHSA-2008-0580.html https://oval.cisecurity.org/repository/search/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •