16 matches found
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
MiracleLinux 9 : vim-8.2.2637-23.el9_7.3.ML.1 (AXSA:2026-514:09)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-514:09 advisory. vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 Tenable has extracted the preceding description block directly from the MiracleLin...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
OESA-2026-1922 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...
Vim modeline bypass via various options affects Vim < 9.2.0276
...
CVE-2026-34982
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
CVE-2026-34982
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...
UBUNTU-CVE-2026-34982
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...
CVE-2026-34982
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...
CVE-2026-34982
CVE-2026-34982 is a Vim modeline sandbox bypass. Prior to Vim 9.2.0276, a crafted file can trigger arbitrary OS command execution due to a modeline vulnerability. The issue arises because the complete, guitabtooltip and printheader options miss the P_MLE flag, allowing a modeline to be executed, ...
CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...
CVE-2026-34982
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...
Vim < 9.2.0276 OS Command Injection (GHSA-8h6p-m6gr-mpw9)
The version of Vim installed on the remote host is prior to 9.2.0276. It is, therefore, affected by a vulnerability as referenced in the GHSA-8h6p-m6gr-mpw9 advisory. - A modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete,...
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline as demonstrated by execute in Vim and assert_fails or nvim_input in Neovim.
...
OS Command Injection
vim is vulnerable to OS command injection. The :source! command in a modeline allows remote attackers to execute arbitrary OS commands...
Mandriva Update for vim MDKSA-2007:101 (vim)
Check for the Version of vim OpenVAS Vulnerability Test Mandriva Update for vim MDKSA-2007:101 vim Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...