Vim Development Group Vim — known CVE vulnerabilities
Every CVE whose affected-product data names Vim Development Group Vim, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2005-2368 — CVSS 9.3 (critical): vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell…
CVE-2007-2438 — CVSS 7.6 (high): The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted…
CVE-2004-1138 — CVSS 7.2 (high): VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is…
CVE-2007-2953 — CVSS 6.8 (medium): Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted…
CVE-2001-0408 — CVSS 5.1 (medium): vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when…
CVE-2005-0069 — CVSS 4.6 (medium): The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on…
CVE-2002-1377 — CVSS 4.6 (medium): vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which…
CVE-2001-0409 — CVSS 2.1 (low): vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the…