CVE-2016-1248 vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
CVE-2009-0316 Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated ...
CVE-2017-5953 vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
CVE-2017-6350 An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
CVE-2017-6349 An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
CVE-2022-3297 Use After Free in GitHub repository vim/vim prior to 9.0.0579.
CVE-2022-3278 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
CVE-2022-3296 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
CVE-2021-3796 vim is vulnerable to Use After Free
CVE-2017-17087 fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /e ...
CVE-2022-3235 Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVE-2022-3324 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
CVE-2021-46059 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3927 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3928 vim is vulnerable to Use of Uninitialized Variable
CVE-2021-3984 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3968 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3973 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3974 vim is vulnerable to Use After Free
CVE-2021-4192 vim is vulnerable to Use After Free
CVE-2021-4193 vim is vulnerable to Out-of-bounds Read
CVE-2021-4166 vim is vulnerable to Out-of-bounds Read
CVE-2021-4136 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4069 vim is vulnerable to Use After Free
CVE-2021-4019 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3903 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3872 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3875 vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0128 vim is vulnerable to Out-of-bounds Read
CVE-2022-0213 vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0413 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0407 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1796 Use After Free in GitHub repository vim/vim prior to 8.2.4979.
CVE-2022-1785 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
CVE-2022-1771 Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
CVE-2022-2522 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVE-2022-2175 Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2129 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2183 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2182 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2210 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2208 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
CVE-2022-2206 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2207 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2286 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2287 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2284 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2285 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
CVE-2022-2264 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2257 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2231 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
CVE-2022-2304 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2345 Use After Free in GitHub repository vim/vim prior to 9.0.0046.
CVE-2022-2343 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
CVE-2022-2344 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVE-2022-2571 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
CVE-2022-2598 Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
CVE-2022-2581 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
CVE-2022-2580 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
CVE-2022-3016 Use After Free in GitHub repository vim/vim prior to 9.0.0286.
CVE-2022-3099 Use After Free in GitHub repository vim/vim prior to 9.0.0360.
CVE-2022-3037 Use After Free in GitHub repository vim/vim prior to 9.0.0322.
CVE-2022-3134 Use After Free in GitHub repository vim/vim prior to 9.0.0389.
CVE-2022-2849 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
CVE-2022-2845 Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
CVE-2022-2819 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
CVE-2022-2817 Use After Free in GitHub repository vim/vim prior to 9.0.0213.
CVE-2022-2816 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
CVE-2022-2889 Use After Free in GitHub repository vim/vim prior to 9.0.0225.
CVE-2022-2874 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
CVE-2022-2862 Use After Free in GitHub repository vim/vim prior to 9.0.0221.
CVE-2022-2946 Use After Free in GitHub repository vim/vim prior to 9.0.0246.
CVE-2022-2923 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
CVE-2022-2982 Use After Free in GitHub repository vim/vim prior to 9.0.0260.
CVE-2022-2980 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
CVE-2022-3705 A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to add ...
CVE-2022-3153 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
CVE-2022-1381 global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
CVE-2022-1420 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
CVE-2022-1968 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-1927 Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0696 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
CVE-2022-0261 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0318 Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVE-2022-0319 Out-of-bounds Read in vim/vim prior to 8.2.
CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
CVE-2022-0392 Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
CVE-2022-0361 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0351 Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-0359 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1735 Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-1733 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVE-2022-1720 Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVE-2022-1851 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-1898 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-1897 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2125 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2126 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2124 Buffer Over-read in GitHub repository vim/vim prior to 8.2.