
212 matches found

Tenable Nessus
added 2025/09/30 12:0 a.m., 3 views

NewStart CGSL MAIN 6.06 : vim Vulnerability (NS-SA-2025-0217)

The remote NewStart CGSL host, running version MAIN 6.06, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by...

CVSS 9.3 | AI score 8.6 | EPSS 0.19111
Exploits: 5 | References: 3

Tenable Nessus
added 2023/10/16 12:0 a.m., 24 views

Ubuntu 18.04 ESM : Neovim vulnerability (USN-4862-1)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4862-1 advisory. It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVSS 9.3 | AI score 8.5 | EPSS 0.19111
Exploits: 5 | References: 2

Tenable Nessus
added 2023/05/25 12:0 a.m., 26 views

F5 Networks BIG-IP : Vim/Neovim vulnerability (K93144355)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K93144355 advisory. getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands vi...

CVSS 9.3 | AI score 7.6 | EPSS 0.19111
Exploits: 5 | References: 2

OpenVAS
added 2023/03/08 12:0 a.m., 9 views

Debian: Security Advisory (DLA-718-1)

The remote host is missing an update for the Debian...

CVSS 7.8 | AI score 7.8 | EPSS 0.25504
Exploits: 2 | References: 3

F5 Networks
added 2023/02/21 7:53 p.m., 33 views

K22183127: Vim vulnerability CVE-2016-1248

Security Advisory Description: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. CVE-2016-1248. Impact: A local attacker may abuse...

CVSS 7.8 | AI score 6.7 | EPSS 0.25504
Exploits: 2 | Affected Software: 23

SUSE CVE
added 2023/02/15 6:19 a.m., 2 views

SUSE CVE-2004-1138

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu...

CVSS 7.2 | AI score 7.3 | EPSS 0.0041
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:8 a.m., 2 views

SUSE CVE-2016-1248

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...

CVSS 7.8 | AI score 7.6 | EPSS 0.25504
Exploits: 2 | References: 10

SUSE CVE
added 2023/02/15 4:11 a.m., 2 views

SUSE CVE-2019-12735

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim...

CVSS 7.8 | AI score 7.9 | EPSS 0.19111
Exploits: 5 | References: 13

OpenVAS
added 2022/08/26 12:0 a.m., 15 views

Ubuntu: Security Advisory (USN-52-1)

The remote host is missing an update for the...

CVSS 7.2 | AI score 6.6 | EPSS 0.0041
Exploits: 0 | References: 2

Microsoft CVE
added 2020/09/25 12:0 a.m., 4 views

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline as demonstrated by execute in Vim and assert_fails or nvim_input in Neovim.

...

CVSS 9.3 | AI score 9.6 | EPSS 0.19111
Exploits: 5

Tenable Nessus
added 2020/03/13 12:0 a.m., 23 views

GLSA-202003-04 : Vim, gVim: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-202003-04 (Vim, gVim: Remote execution of arbitrary code). It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result i...

CVSS 9.3 | AI score 8.6 | EPSS 0.19111
Exploits: 5 | References: 2

Tenable Nessus
added 2020/03/08 12:0 a.m., 17 views

NewStart CGSL MAIN 4.05 : vim Vulnerability (NS-SA-2020-0020)

The remote NewStart CGSL host, running version MAIN 4.05, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by...

CVSS 9.3 | AI score 8.6 | EPSS 0.19111
Exploits: 5 | References: 2

Mageia
added 2020/02/13 10:49 a.m., 39 views

Updated vim and neovim packages fix security vulnerability

Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the :source! command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands whe...

CVSS 9.3 | AI score 6.2 | EPSS 0.19111
Exploits: 5 | References: 2

OpenVAS
added 2020/01/23 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2017-1034)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 9.1 | EPSS 0.25504
Exploits: 2 | References: 2

RedhatCVE
added 2019/10/09 5:57 a.m., 32 views

CVE-2019-12735

It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. Mitigation: The vulnerability can be triggered only if modeline is enabled. You can check...

CVSS 9.3 | AI score 3.9 | EPSS 0.19111
Exploits: 5 | References: 3

Tenable Nessus
added 2019/09/11 12:0 a.m., 30 views

NewStart CGSL MAIN 4.06 : vim Vulnerability (NS-SA-2019-0177)

The remote NewStart CGSL host, running version MAIN 4.06, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by...

CVSS 9.3 | AI score 8.6 | EPSS 0.19111
Exploits: 5 | References: 2

Tenable Nessus
added 2019/08/12 12:0 a.m., 26 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : vim Vulnerability (NS-SA-2019-0164)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has vim packages installed that are affected by a vulnerability: - It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim...

CVSS 9.3 | AI score 8.3 | EPSS 0.19111
Exploits: 5 | References: 2

Oracle linux
added 2019/07/18 12:0 a.m., 113 views

vim security update

2:7.4.629-5.2 - 1724045 - fix CVE-2019-12735 the :source! command allows arbitrary command execution via the modeline - fix spec warnings about expanding macros...

CVSS 9.3 | AI score 4.4 | EPSS 0.19111
Exploits: 5

Veracode
added 2019/07/01 12:17 a.m., 35 views

OS Command Injection

vim is vulnerable to OS command injection. The :source! command in a modeline allows remote attackers to execute arbitrary OS commands...

CVSS 8.6 | AI score 9.1 | EPSS 0.19111
Exploits: 5 | References: 31 | Affected Software: 3

ThreatPost
added 2019/06/11 4:0 p.m., 110 views

Linux Command-Line Editors Vulnerable to High-Severity Bug

A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allows remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text fil...

CVSS 9.3 | AI score 2.8 | EPSS 0.19111
Exploits: 5 | References: 4