FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: c11629d3-c8ad-11e6-ae1b-002590263bf5
Description: vim -- arbitrary command execution

Mitre reports:

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.


Discovery: 2016-11-22
Entry: 2016-12-23
Affected packages:
vim, vim-console, vim-lite < 8.0.0056
neovim < 0.1.7

CVE-2016-1248
94478
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040

VuXML ID: bd9fc2bf-5ffe-11d9-a11a-000a95bc6fae
Description: vim -- vulnerabilities in modeline handling

Ciaran McCreesh discovered new ways in which a VIM modeline can be used to trojan a text file. The patch by Bram Moolenaar reads:

Problem: Unusual characters in an option value may cause unexpected behavior, especially for a modeline. (Ciaran McCreesh)

Solution: Don't allow setting termcap options or 'printdevice' or 'titleold' in a modeline. Don't list options for "termcap" and "all" in a modeline. Don't allow unusual characters in 'filetype', 'syntax', 'backupext', 'keymap', 'patchmode' and 'langmenu'.

Note: It is generally recommended that VIM users use set nomodeline in ~/.vimrc to avoid the possibility of trojaned text files.


Discovery: 2004-12-09
Entry: 2005-01-06
Modified: 2005-01-13
Affected packages:
vim, vim-console, vim-lite, vim+ruby < 6.3.45

CVE-2004-1138
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.045
http://groups.yahoo.com/group/vimdev/message/38084

VuXML ID: bbdb9713-8e09-11e9-87bc-002590acae31
Description: Vim/NeoVim -- Security vulnerability

Security releases for Vim/NeoVim:

Sandbox escape allows for arbitrary code execution.


Discovery: 2019-05-22
Entry: 2019-06-13
Affected packages:
vim, vim-console, vim-tiny < 8.1.1365
neovim < 0.3.6

https://nvd.nist.gov/vuln/detail/CVE-2019-12735

VuXML ID: 1ed03222-3c65-11dc-b3d3-0016179b2dd5
Description: vim -- Command Format String Vulnerability

A Secunia Advisory reports:

A format string error in the "helptags_one()" function in src/ex_cmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files.


Discovery: 2007-07-27
Entry: 2007-07-27
Affected packages:
vim, vim-console, vim-lite, vim-ruby, vim6, vim6-ruby < 7.1.39

CVE-2007-2953
http://secunia.com/advisories/25941/