FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c11629d3-c8ad-11e6-ae1b-002590263bf5	vim -- arbitrary command execution Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. Discovery 2016-11-22 Entry 2016-12-23 vim vim-console vim-lite < 8.0.0056 neovim < 0.1.7 CVE-2016-1248 94478 https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
bbdb9713-8e09-11e9-87bc-002590acae31	Vim/NeoVim -- Security vulnerability Security releases for Vim/NeoVim: Sandbox escape allows for arbitrary code execution. Discovery 2019-05-22 Entry 2019-06-13 vim vim-console vim-tiny < 8.1.1365 neovim < 0.3.6 https://nvd.nist.gov/vuln/detail/CVE-2019-12735
30866e6c-3c6d-11dd-98c9-00163e000016	vim -- Vim Shell Command Injection Vulnerabilities Rdancer.org reports: Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file. Discovery 2008-06-16 Entry 2008-06-21 vim vim-console vim-lite vim-ruby vim6 vim6-ruby gt 6 le 6.4.10 gt 7 lt 7.1.315 CVE-2008-2712 http://www.rdancer.org/vulnerablevim.html
1ed03222-3c65-11dc-b3d3-0016179b2dd5	vim -- Command Format String Vulnerability A Secunia Advisory reports: A format string error in the "helptags_one()" function in src/ex_cmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files. Discovery 2007-07-27 Entry 2007-07-27 vim vim-console vim-lite vim-ruby vim6 vim6-ruby < 7.1.39 CVE-2007-2953 http://secunia.com/advisories/25941/
0e1e3789-d87f-11dd-8ecd-00163e000016	vim -- multiple vulnerabilities in the netrw module Jan Minar reports: Applying the ``D'' to a file with a crafted file name, or inside a directory with a crafted directory name, can lead to arbitrary code execution. Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name. The Vim Netrw Plugin shares the FTP user name and password across all FTP sessions. Every time Vim makes a new FTP connection, it sends the user name and password of the previous FTP session to the FTP server. Discovery 2008-10-16 Entry 2009-01-02 vim vim-console vim-lite vim-gtk2 vim-gnome ge 7.0 lt 7.2 CVE-2008-3076 http://www.openwall.com/lists/oss-security/2008/10/16/2 http://www.rdancer.org/vulnerablevim-netrw.html http://www.rdancer.org/vulnerablevim-netrw.v2.html http://www.rdancer.org/vulnerablevim-netrw.v5.html http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html