| Bug | stretch | buster | bullseye | bookworm | sid | Description |
|---|
| CVE-2022-0213 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2022-0158 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2022-0156 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | vim is vulnerable to Use After Free ... |
| CVE-2022-0128 | fixed | fixed | fixed | vulnerable | vulnerable | vim is vulnerable to Out-of-bounds Read ... |
| CVE-2021-4193 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Out-of-bounds Read ... |
| CVE-2021-4192 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Use After Free ... |
| CVE-2021-4187 | fixed | fixed | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Use After Free ... |
| CVE-2021-4173 | fixed | fixed | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Use After Free ... |
| CVE-2021-4166 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Out-of-bounds Read ... |
| CVE-2021-4136 | fixed | fixed | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2021-4069 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Use After Free ... |
| CVE-2021-4019 | vulnerable | vulnerable | vulnerable | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2021-3984 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2021-3974 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Use After Free ... |
| CVE-2021-3973 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2021-3968 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2021-3928 | vulnerable (no DSA) | vulnerable | vulnerable | fixed | fixed | vim is vulnerable to Use of Uninitialized Variable ... |
| CVE-2021-3927 | vulnerable (no DSA) | vulnerable | vulnerable | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2021-3903 | vulnerable (no DSA) | vulnerable | vulnerable | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2021-3872 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2021-3796 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | vim is vulnerable to Use After Free ... |
| CVE-2021-3778 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2021-3770 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2019-20807 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | In Vim before 8.1.0881, users can circumvent the rvim restricted mode ... |
| Bug | Description |
|---|
| CVE-2021-3875 | vim is vulnerable to Heap-based Buffer Overflow ... |
| CVE-2019-20079 | The autocmd feature in window.c in Vim before 8.1.2136 accesses freed ... |
| CVE-2019-12735 | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote ... |
| CVE-2018-20786 | libvterm through 0+bzr726, as used in Vim and other products, mishandl ... |
| CVE-2017-17087 | fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp f ... |
| CVE-2017-11109 | Vim 8.0 allows attackers to cause a denial of service (invalid free) o ... |
| CVE-2017-6350 | An integer overflow at an unserialize_uep memory allocation site would ... |
| CVE-2017-6349 | An integer overflow at a u_read_undo memory allocation site would occu ... |
| CVE-2017-5953 | vim before patch 8.0.0322 does not properly validate values for tree l ... |
| CVE-2016-1248 | vim before patch 8.0.0056 does not properly validate values for the 'f ... |
| CVE-2010-3914 | Untrusted search path vulnerability in VIM Development Group GVim befo ... |
| CVE-2009-0316 | Untrusted search path vulnerability in src/if_python.c in the Python i ... |
| CVE-2008-6235 | The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted a ... |
| CVE-2008-4101 | Vim 3.0 through 7.x before 7.2.010 does not properly escape characters ... |
| CVE-2008-3432 | Heap-based buffer overflow in the mch_expand_wildcards function in os_ ... |
| CVE-2008-3294 | src/configure.in in Vim 5.0 through 7.1, when used for a build with Py ... |
| CVE-2008-3076 | The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted ... |
| CVE-2008-3075 | The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ... |
| CVE-2008-3074 | The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ... |
| CVE-2008-2712 | Vim 7.1.314, 6.4, and other versions allows user-assisted remote attac ... |
| CVE-2007-2953 | Format string vulnerability in the helptags_one function in src/ex_cmd ... |
| CVE-2007-2438 | The sandbox for vim allows dangerous functions such as (1) writefile, ... |
| CVE-2005-2368 | vim 6.3 before 6.3.082, with modelines enabled, allows external user-a ... |
| CVE-2005-0069 | The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local user ... |
| CVE-2004-1138 | VIM before 6.3 and gVim before 6.3 allow local users to execute arbitr ... |
| CVE-2002-1377 | vim 6.0 and 6.1, and possibly other versions, allows attackers to exec ... |