Vulnerabilities > VIM

DATE CVE VULNERABILITY TITLE RISK
2021-10-19 CVE-2021-3872 Out-of-bounds Write vulnerability in VIM
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim CWE-787
4.6
2021-10-15 CVE-2021-3875 Out-of-bounds Write vulnerability in VIM
vim is vulnerable to Heap-based Buffer Overflow
network
vim CWE-787
6.8
2021-09-15 CVE-2021-3796 Use After Free vulnerability in VIM
vim is vulnerable to Use After Free
network
vim CWE-416
6.8
2021-09-15 CVE-2021-3778 Out-of-bounds Write vulnerability in VIM
vim is vulnerable to Heap-based Buffer Overflow
network
vim CWE-787
6.8
2021-09-06 CVE-2021-3770 Out-of-bounds Write vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject CWE-787
4.6
2020-05-28 CVE-2019-20807 OS Command Injection vulnerability in VIM
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
local
low complexity
vim CWE-78
4.6
2019-12-30 CVE-2019-20079 Use After Free vulnerability in multiple products
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
6.8
2019-06-05 CVE-2019-12735 OS Command Injection vulnerability in VIM
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
network
vim neovim CWE-78
critical
9.3
2017-12-01 CVE-2017-17087 Information Exposure vulnerability in VIM
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
local
low complexity
vim CWE-200
2.1
2017-10-31 CVE-2017-1000382 Information Exposure vulnerability in VIM
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
local
low complexity
vim CWE-200
2.1