Vulnerabilities > VIM > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-19 CVE-2021-3872 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian
7.8
2021-09-15 CVE-2021-3796 vim is vulnerable to Use After Free
local
low complexity
vim fedoraproject debian netapp
7.3
2021-09-15 CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian netapp
7.8
2021-09-06 CVE-2021-3770 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject netapp
7.8
2019-12-30 CVE-2019-20079 Use After Free vulnerability in multiple products
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
local
low complexity
vim canonical CWE-416
7.8
2019-06-05 CVE-2019-12735 OS Command Injection vulnerability in multiple products
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
local
low complexity
vim neovim CWE-78
8.6
2017-07-08 CVE-2017-11109 Use After Free vulnerability in VIM 8.0
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file.
local
low complexity
vim CWE-416
7.8
2016-11-23 CVE-2016-1248 Improper Input Validation vulnerability in multiple products
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
local
low complexity
vim debian CWE-20
7.8