FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
1ed03222-3c65-11dc-b3d3-0016179b2dd5  vim -- Command Format String Vulnerability

A Secunia Advisory reports:

A format string error in the "helptags_one()" function in src/ex_cmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files.


Discovery 2007-07-27
Entry 2007-07-27
vim
vim-console
vim-lite
vim-ruby
vim6
vim6-ruby
< 7.1.39

CVE-2007-2953
http://secunia.com/advisories/25941/

bbdb9713-8e09-11e9-87bc-002590acae31  Vim/NeoVim -- Security vulnerability

Security releases for Vim/NeoVim:

Sandbox escape allows for arbitrary code execution.


Discovery 2019-05-22
Entry 2019-06-13
vim
vim-console
vim-tiny
< 8.1.1365

neovim
< 0.3.6

https://nvd.nist.gov/vuln/detail/CVE-2019-12735

c11629d3-c8ad-11e6-ae1b-002590263bf5  vim -- arbitrary command execution

Mitre reports:

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.


Discovery 2016-11-22
Entry 2016-12-23
vim
vim-console
vim-lite
< 8.0.0056

neovim
< 0.1.7

CVE-2016-1248
Bugtraq ID: 94478
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040

30866e6c-3c6d-11dd-98c9-00163e000016  vim -- Vim Shell Command Injection Vulnerabilities

Rdancer.org reports:

Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file.


Discovery 2008-06-16
Entry 2008-06-21
vim
vim-console
vim-lite
vim-ruby
vim6
vim6-ruby
> 6, <= 6.4.10

> 7, < 7.1.315

CVE-2008-2712
http://www.rdancer.org/vulnerablevim.html

81f127a8-0038-11da-86bc-000e0c2e438a  vim -- vulnerabilities in modeline handling: glob, expand

Georgi Guninski discovered a way to construct Vim modelines that execute arbitrary shell commands. The vulnerability can be exploited by including shell commands in modelines that call the glob() or expand() functions. An attacker could trick a user into reading or editing a trojaned file with modelines enabled, after which the attacker is able to execute arbitrary commands with the privileges of the user.

Note: It is generally recommended that VIM users use set nomodeline in ~/.vimrc to avoid the possibility of trojaned text files.


Discovery 2005-07-25
Entry 2005-07-31
vim
vim-console
vim-lite
vim+ruby
>= 6.3, < 6.3.82

Bugtraq ID: 14374
CVE-2005-2368
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html