Download
| Alert*
oval:org.secpod.oval:def:55330
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. oval:org.secpod.oval:def:89003189 This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c . oval:org.secpod.oval:def:89003345 This update for vim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c . oval:org.secpod.oval:def:57796 User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi , which also affected the Neovim fork, an extensible editor focused on modern code and features: Editors typically provide a way to embed editor configuration commands which are executed ... oval:org.secpod.oval:def:116745 VIM is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. oval:org.secpod.oval:def:1801470 getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. oval:org.secpod.oval:def:1601023 It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution oval:org.secpod.oval:def:116732 VIM is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. oval:org.secpod.oval:def:705011 neovim: heavily refactored vim fork Neovim could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:705012 vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim. oval:org.secpod.oval:def:503180 Vim is an updated and improved version of the vi editor. Security Fix: * vim/neovim: ":source!" command allows arbitrary command execution via modelines For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE p ... oval:org.secpod.oval:def:2104940 getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. oval:org.secpod.oval:def:603949 The update for vim released as DSA 4467-1 introduced a regression which broke syntax highlighting in some circumstances. Updated vim packages are now available to correct this issue. oval:org.secpod.oval:def:603947 User Arminius discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi . The Common vulnerabilities and exposures project identifies the following problem: Editors typically provide a way to embed editor configuration commands which are executed once a file is opened, w ... oval:org.secpod.oval:def:205223 Vim is an updated and improved version of the vi editor. Security Fix: * vim/neovim: ":source!" command allows arbitrary command execution via modelines For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE p ... oval:org.secpod.oval:def:503171 Vim is an updated and improved version of the vi editor. Security Fix: * vim/neovim: ":source!" command allows arbitrary command execution via modelines For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE p ... oval:org.secpod.oval:def:55530 vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim. oval:org.secpod.oval:def:55649 The update for vim released as DSA 4467-1 introduced a regression which broke syntax highlighting in some circumstances. Updated vim packages are now available to correct this issue. oval:org.secpod.oval:def:205233 Vim is an updated and improved version of the vi editor. Security Fix: * vim/neovim: ":source!" command allows arbitrary command execution via modelines For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE p ... oval:org.secpod.oval:def:1502572 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:55648 User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi . The "Common vulnerabilities and exposures project" identifies the following problem: Editors typically provide a way to embed editor configuration commands which are executed ... oval:org.secpod.oval:def:1902050 Modelines allow arbitrary code execution by opening a specially crafted text file oval:org.secpod.oval:def:1502652 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:604462 User Arminius discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi , which also affected the Neovim fork, an extensible editor focused on modern code and features: Editors typically provide a way to embed editor configuration commands which are executed once a file ... oval:org.secpod.oval:def:1700200 It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution oval:org.secpod.oval:def:1502558 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:55459 vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim. oval:org.secpod.oval:def:55531 vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim. |