14 matches found
CVE-2024-41957
Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...
DEDECMSV6 has command execution vulnerability
DEDECMSV6 is based on PHP7.x development, scalable and fully open source. DEDECMSV6 has a command execution vulnerability, which can be exploited by attackers to gain control of the server...
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline as demonstrated by execute in Vim and assert_fails or nvim_input in Neovim.
...
NewStart CGSL MAIN 4.06 : vim Vulnerability (NS-SA-2019-0177)
The remote NewStart CGSL host, running version MAIN 4.06, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by...
vim/neovim: ':source!' command allows arbitrary command execution via modelines
It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution...
Debian DSA-4487-1 : neovim - security update
User 'Arminius' discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features: Editors typically provide a way to embed editor configuration commands (aka modelines)...
vim/neovim: ':source!' command allows arbitrary command execution via modelines
It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution...
vim/neovim: ':source!' command allows arbitrary command execution via modelines
It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution...
OS Command Injection
vim is vulnerable to OS command injection. The :source! command in a modeline allows remote attackers to execute arbitrary OS commands...
vim/neovim: ':source!' command allows arbitrary command execution via modelines
It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution...
DEBIAN-CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim...
ALPINE-CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim...
CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim...
PT-2019-3260
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 8.1.1365; Neovim versions prior to 0.3.6. Description: The issue is related to the lack of filtering in the :source! command in a modeline, which allows remote attackers to execute arbitrary OS commands. This can lead to...