Known Vulnerabilities for products from Vim

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Vim".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2021-3796 | vim is vulnerable to Use After Free | 7.3 - HIGH | 2021-09-15 | 2021-10-16 |
| CVE-2021-3778 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 - HIGH | 2021-09-15 | 2021-10-16 |
| CVE-2021-3770 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 - HIGH | 2021-09-06 | 2021-10-01 |
| CVE-2019-20807 | In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfa... | 5.3 - MEDIUM | 2020-05-28 | 2020-10-20 |
| CVE-2019-20079 | The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | 7.8 - HIGH | 2019-12-30 | 2020-10-20 |
| CVE-2019-12735 | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :so... | 8.6 - HIGH | 2019-06-05 | 2019-06-13 |
| CVE-2017-1000382 | VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") res... | 5.5 - MEDIUM | 2017-10-31 | 2017-11-27 |
| CVE-2017-17087 | fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be differe... | 5.5 - MEDIUM | 2017-12-01 | 2020-10-20 |
| CVE-2017-11109 | Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted ... | 7.8 - HIGH | 2017-07-08 | 2019-08-03 |
| CVE-2017-6350 | An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not pr... | 9.8 - CRITICAL | 2017-02-27 | 2018-08-13 |
| CVE-2017-6349 | An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properl... | 9.8 - CRITICAL | 2017-02-27 | 2018-08-13 |
| CVE-2017-5953 | vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in a... | 9.8 - CRITICAL | 2017-02-10 | 2019-06-11 |
| CVE-2016-1248 | vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may resu... | 7.8 - HIGH | 2016-11-23 | 2017-07-28 |
| CVE-2010-3914 | Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, ... | 9.3 - HIGH | 2010-11-03 | 2010-11-05 |
| CVE-2009-0316 | Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to ex... | 6.9 - MEDIUM | 2009-01-28 | 2017-08-08 |
| CVE-2008-6235 | The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metach... | 9.3 - HIGH | 2009-02-21 | 2017-09-29 |
| CVE-2008-4677 | autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7... | 4.3 - MEDIUM | 2008-10-22 | 2017-08-08 |
| CVE-2008-4101 | Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute a... | 9.3 - HIGH | 2008-09-18 | 2018-10-11 |
| CVE-2008-3432 | Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attacker... | 6.8 - MEDIUM | 2008-10-10 | 2018-10-11 |
| CVE-2008-3294 | src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf te... | 3.7 - LOW | 2008-07-24 | 2018-10-11 |

Known software with vulnerabilities from Vim

| Type | Vendor | Product | Version |
| --- | --- | --- | --- |
| Application | Vim | Vim | 5.6 |


© CVE.report 2021


CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
