FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-27 12:33:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2ec7816d-fdb7-11ef-91ff-b42e991fc52e	vim -- Improper Input Validation in Vim security-advisories@github.com reports: Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shellcommands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). Discovery 2025-03-03 Entry 2025-03-10 vim < 9.1.1164 vim-gtk2 < 9.1.1164 vim-gtk3 < 9.1.1164 vim-motif < 9.1.1164 vim-tiny < 9.1.1164 vim-x11 < 9.1.1164 CVE-2025-27423 https://nvd.nist.gov/vuln/detail/CVE-2025-27423
398d1ec1-f7e6-11ef-bb15-002590af0794	vim -- Potential code execution vim reports: Summary Potential code execution with tar.vim and special crafted tar files Description Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Since commit 129a844 (Nov 11, 2024 runtime(tar): Update tar.vim to support permissions), the tar.vim plugin uses the ":read " ex command line to append below the cursor position, however the is not sanitized and is taken literaly from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). Impact Impact is high but a user must be convinced to edit such a file using Vim which will reveal the filename, so a careful user may suspect some strange things going on. Discovery 2025-03-02 Entry 2025-03-02 vim vim-gtk2 vim-gtk3 vim-motif vim-x11 vim-tiny < 9.1.1164 https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3

VuXML ID

Description

2ec7816d-fdb7-11ef-91ff-b42e991fc52e

vim -- Improper Input Validation in Vim

security-advisories@github.com reports:

Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shellcommands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL).

Discovery 2025-03-03
Entry 2025-03-10
vim

< 9.1.1164

vim-gtk2

< 9.1.1164

vim-gtk3

< 9.1.1164

vim-motif

< 9.1.1164

vim-tiny

< 9.1.1164

vim-x11

< 9.1.1164

CVE-2025-27423
https://nvd.nist.gov/vuln/detail/CVE-2025-27423

398d1ec1-f7e6-11ef-bb15-002590af0794

vim -- Potential code execution

vim reports:

Summary

Potential code execution with tar.vim and special crafted tar files

Description

Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files.

Since commit 129a844 (Nov 11, 2024 runtime(tar): Update tar.vim to support permissions), the tar.vim plugin uses the ":read " ex command line to append below the cursor position, however the is not sanitized and is taken literaly from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL).

Impact

Impact is high but a user must be convinced to edit such a file using Vim which will reveal the filename, so a careful user may suspect some strange things going on.

Discovery 2025-03-02
Entry 2025-03-02
vim
vim-gtk2
vim-gtk3
vim-motif
vim-x11
vim-tiny

< 9.1.1164

https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3