Vim Security Vulnerabilities
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the ...
9.2AI Score
0.011EPSS
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not proper...
8AI Score
0.011EPSS
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not proper...
8AI Score
0.011EPSS
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue r...
8AI Score
0.011EPSS
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahe...
7.1AI Score
0.0004EPSS
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
7.6AI Score
0.006EPSS
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument af...
9.8AI Score
0.011EPSS
autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote ...
8AI Score
0.002EPSS
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
7.8AI Score
0.003EPSS
Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrate...
7.8AI Score
0.001EPSS
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in t...
7.6AI Score
0.004EPSS
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
7.8CVSS
7.1AI Score
0.8EPSS
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
5.5CVSS
5.5AI Score
0.0004EPSS
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.
7.8CVSS
6.7AI Score
0.001EPSS
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /...
5.5CVSS
5.2AI Score
0.0004EPSS
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
9.8CVSS
8.7AI Score
0.01EPSS
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
9.8CVSS
8.6AI Score
0.009EPSS
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
9.8CVSS
8.6AI Score
0.009EPSS
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
8.6CVSS
7.7AI Score
0.004EPSS
7.8CVSS
7.5AI Score
0.001EPSS
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
5.3CVSS
6AI Score
0.0005EPSS
Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.
9.8CVSS
9.5AI Score
0.004EPSS
vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.
5.5CVSS
5.2AI Score
0.0004EPSS
7.8CVSS
7.5AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.3CVSS
7.4AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
8CVSS
7.6AI Score
0.003EPSS
7.8CVSS
7.5AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.001EPSS
7.1CVSS
7.9AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.001EPSS
7.8CVSS
8.2AI Score
0.001EPSS
5.5CVSS
6.9AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
5.5CVSS
5.5AI Score
0.001EPSS
3.3CVSS
3.6AI Score
0.001EPSS
6.6CVSS
6.5AI Score
0.001EPSS
7.8CVSS
8.6AI Score
0.001EPSS
9.8CVSS
9.2AI Score
0.009EPSS
5.5CVSS
6.1AI Score
0.001EPSS