FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
c11629d3-c8ad-11e6-ae1b-002590263bf5    vim -- arbitrary command execution

Mitre reports:

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.


Discovery 2016-11-22
Entry 2016-12-23
vim
vim-console
vim-lite
< 8.0.0056

neovim
< 0.1.7

CVE-2016-1248
94478
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
30866e6c-3c6d-11dd-98c9-00163e000016    vim -- Vim Shell Command Injection Vulnerabilities

Rdancer.org reports:

Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file.


Discovery 2008-06-16
Entry 2008-06-21
vim
vim-console
vim-lite
vim-ruby
vim6
vim6-ruby
> 6, <= 6.4.10

> 7, < 7.1.315

CVE-2008-2712
http://www.rdancer.org/vulnerablevim.html
1ed03222-3c65-11dc-b3d3-0016179b2dd5    vim -- Command Format String Vulnerability

A Secunia Advisory reports:

A format string error in the "helptags_one()" function in src/ex_cmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files.


Discovery 2007-07-27
Entry 2007-07-27
vim
vim-console
vim-lite
vim-ruby
vim6
vim6-ruby
< 7.1.39

CVE-2007-2953
http://secunia.com/advisories/25941/
bd9fc2bf-5ffe-11d9-a11a-000a95bc6fae    vim -- vulnerabilities in modeline handling

Ciaran McCreesh discovered new ways in which a VIM modeline can be used to trojan a text file. The patch by Bram Moolenaar reads:

Problem: Unusual characters in an option value may cause unexpected behavior, especially for a modeline. (Ciaran McCreesh)

Solution: Don't allow setting termcap options or 'printdevice' or 'titleold' in a modeline. Don't list options for "termcap" and "all" in a modeline. Don't allow unusual characters in 'filetype', 'syntax', 'backupext', 'keymap', 'patchmode' and 'langmenu'.

Note: It is generally recommended that VIM users use set nomodeline in ~/.vimrc to avoid the possibility of trojaned text files.


Discovery 2004-12-09
Entry 2005-01-06
Modified 2005-01-13
vim
vim-console
vim-lite
vim+ruby
< 6.3.45

CVE-2004-1138
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.045
http://groups.yahoo.com/group/vimdev/message/38084