Total
194 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0213 | 2 Debian, Vim | 2 Debian Linux, Vim | 2023-12-10 | 6.8 MEDIUM | 6.6 MEDIUM |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2021-3875 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2022-0407 | 1 Vim | 1 Vim | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||||
CVE-2021-3973 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2021-3968 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-12-10 | 8.5 HIGH | 8.0 HIGH |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2021-3928 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
vim is vulnerable to Use of Uninitialized Variable | |||||
CVE-2021-4192 | 4 Apple, Debian, Fedoraproject and 1 more | 5 Mac Os X, Macos, Debian Linux and 2 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
vim is vulnerable to Use After Free | |||||
CVE-2022-0261 | 3 Apple, Debian, Vim | 4 Mac Os X, Macos, Debian Linux and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||||
CVE-2022-0392 | 3 Apple, Debian, Vim | 3 Macos, Debian Linux, Vim | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. | |||||
CVE-2022-0393 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
CVE-2022-0443 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Use After Free in GitHub repository vim/vim prior to 8.2. | |||||
CVE-2022-0368 | 3 Apple, Debian, Vim | 3 Macos, Debian Linux, Vim | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
CVE-2021-3872 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2021-3770 | 3 Fedoraproject, Netapp, Vim | 3 Fedora, Ontap Select Deploy Administration Utility, Vim | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
vim is vulnerable to Heap-based Buffer Overflow | |||||
CVE-2019-20807 | 6 Apple, Canonical, Debian and 3 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | |||||
CVE-2019-20079 | 2 Canonical, Vim | 2 Ubuntu Linux, Vim | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | |||||
CVE-2019-12735 | 2 Neovim, Vim | 2 Neovim, Vim | 2023-12-10 | 9.3 HIGH | 8.6 HIGH |
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. | |||||
CVE-2017-1000382 | 1 Vim | 1 Vim | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. | |||||
CVE-2017-11109 | 1 Vim | 1 Vim | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. | |||||
CVE-2017-17087 | 3 Canonical, Debian, Vim | 3 Ubuntu Linux, Debian Linux, Vim | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. |