Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vim vim vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-2953
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and previous versions, and 7.x up to 7.1, allows user-assisted remote malicious users to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the help...
Vim Development Group Vim 7.1
Vim Development Group Vim 7.1.38
Vim Development Group Vim
Vim Development Group Vim 7.0
NA
CVE-2005-0069
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
Vim Development Group Vim 6.3.011
Vim Development Group Vim 6.3.025
Vim Development Group Vim 6.3.030
Vim Development Group Vim 6.3.044
NA
CVE-2008-6235
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted malicious users to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5...
Vim Vim 7.1
Vim Vim 7.0
NA
CVE-2008-3432
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted malicious users to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
Vim Vim 6.3
Vim Vim 6.2
1 EDB exploit
7.8
CVSSv3
CVE-2022-3591
Use After Free in GitHub repository vim/vim before 9.0.0789.
Vim Vim
5.5
CVSSv3
CVE-2023-1355
NULL Pointer Dereference in GitHub repository vim/vim before 9.0.1402.
Vim Vim
9.8
CVSSv3
CVE-2017-5953
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
Vim Vim
9.8
CVSSv3
CVE-2017-6349
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Vim Vim
9.8
CVSSv3
CVE-2017-6350
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Vim Vim
7.8
CVSSv3
CVE-2023-2610
Integer Overflow or Wraparound in GitHub repository vim/vim before 9.0.1532.
Vim Vim
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-35229
privilege escalation
local users
CVE-2024-5405
CVE-2024-27842
CVE-2024-5274
CVE-2024-5378
CVE-2024-34152
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »