Vulnerabilities > VIM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-19 | CVE-2021-3872 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
2021-09-15 | CVE-2021-3796 | vim is vulnerable to Use After Free | 7.3 |
2021-09-15 | CVE-2021-3778 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
2021-09-06 | CVE-2021-3770 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
2019-12-30 | CVE-2019-20079 | Use After Free vulnerability in multiple products The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | 7.8 |
2019-06-05 | CVE-2019-12735 | OS Command Injection vulnerability in multiple products getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. | 8.6 |
2017-07-08 | CVE-2017-11109 | Use After Free vulnerability in VIM 8.0 Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. | 7.8 |
2016-11-23 | CVE-2016-1248 | Improper Input Validation vulnerability in multiple products vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. | 7.8 |