Vulnerability-Lookup

CVE-2008-2712 (GCVE-0-2008-2712)

Vulnerability from cvelistv5 – Published: 2008-06-16 21:00 – Updated: 2024-08-07 09:14

Summary

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2008-06…	vendor-advisoryx_refsource_REDHAT
	http://www.rdancer.org/vulnerablevim.html	x_refsource_MISC
	http://www.ubuntu.com/usn/USN-712-1	vendor-advisoryx_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/31681	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/32858	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/33410	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://secunia.com/advisories/34418	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/0904	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2009/0033	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/495319/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/493353/100…	mailing-listx_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/502322/100…	mailing-listx_refsource_BUGTRAQ
	http://www.openwall.com/lists/oss-security/2008/06/16/2	mailing-listx_refsource_MLIST
	http://marc.info/?l=bugtraq&m=121494431426308&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/1851…	vdb-entryx_refsource_VUPEN
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://secunia.com/advisories/30731	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32222	third-party-advisoryx_refsource_SECUNIA
	http://support.apple.com/kb/HT4077	x_refsource_CONFIRM
	https://issues.rpath.com/browse/RPL-2622	x_refsource_CONFIRM
	http://securityreason.com/securityalert/3951	third-party-advisoryx_refsource_SREASON
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2008/2780	vdb-entryx_refsource_VUPEN
	http://www.openwall.com/lists/oss-security/2008/10/15/1	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/32864	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1020293	vdb-entryx_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT3216	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/29715	vdb-entryx_refsource_BID
	http://wiki.rpath.com/Advisories:rPSA-2008-0247	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-06…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/493352/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:14:14.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
          },
          {
            "name": "SUSE-SR:2009:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "RHSA-2008:0618",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rdancer.org/vulnerablevim.html"
          },
          {
            "name": "USN-712-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-712-1"
          },
          {
            "name": "oval:org.mitre.oval:def:6238",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
          },
          {
            "name": "31681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "vim-scripts-command-execution(43083)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
          },
          {
            "name": "32858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32858"
          },
          {
            "name": "33410",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33410"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "RHSA-2008:0580",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
          },
          {
            "name": "34418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "ADV-2009-0904",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0904"
          },
          {
            "name": "ADV-2009-0033",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0033"
          },
          {
            "name": "20080811 rPSA-2008-0247-1 gvim vim vim-minimal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
          },
          {
            "name": "20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:11109",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
          },
          {
            "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
          },
          {
            "name": "[oss-security] 20080616 CVE Id request: vim",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
          },
          {
            "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
          },
          {
            "name": "ADV-2008-1851",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1851/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
          },
          {
            "name": "30731",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30731"
          },
          {
            "name": "32222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2622"
          },
          {
            "name": "3951",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3951"
          },
          {
            "name": "MDVSA-2008:236",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
          },
          {
            "name": "ADV-2008-2780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
          },
          {
            "name": "32864",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32864"
          },
          {
            "name": "1020293",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020293"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "29715",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29715"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
          },
          {
            "name": "RHSA-2008:0617",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
          },
          {
            "name": "20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
        },
        {
          "name": "SUSE-SR:2009:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
        },
        {
          "name": "RHSA-2008:0618",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rdancer.org/vulnerablevim.html"
        },
        {
          "name": "USN-712-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-712-1"
        },
        {
          "name": "oval:org.mitre.oval:def:6238",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
        },
        {
          "name": "31681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31681"
        },
        {
          "name": "vim-scripts-command-execution(43083)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
        },
        {
          "name": "32858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32858"
        },
        {
          "name": "33410",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33410"
        },
        {
          "name": "APPLE-SA-2010-03-29-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
        },
        {
          "name": "RHSA-2008:0580",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
        },
        {
          "name": "34418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34418"
        },
        {
          "name": "ADV-2009-0904",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0904"
        },
        {
          "name": "ADV-2009-0033",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0033"
        },
        {
          "name": "20080811 rPSA-2008-0247-1 gvim vim vim-minimal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
        },
        {
          "name": "20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:11109",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
        },
        {
          "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
        },
        {
          "name": "[oss-security] 20080616 CVE Id request: vim",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
        },
        {
          "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
        },
        {
          "name": "ADV-2008-1851",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1851/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
        },
        {
          "name": "30731",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30731"
        },
        {
          "name": "32222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32222"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4077"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2622"
        },
        {
          "name": "3951",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3951"
        },
        {
          "name": "MDVSA-2008:236",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
        },
        {
          "name": "ADV-2008-2780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2780"
        },
        {
          "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
        },
        {
          "name": "32864",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32864"
        },
        {
          "name": "1020293",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020293"
        },
        {
          "name": "APPLE-SA-2008-10-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3216"
        },
        {
          "name": "29715",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29715"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
        },
        {
          "name": "RHSA-2008:0617",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
        },
        {
          "name": "20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2712",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
            },
            {
              "name": "SUSE-SR:2009:007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
            },
            {
              "name": "RHSA-2008:0618",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
            },
            {
              "name": "http://www.rdancer.org/vulnerablevim.html",
              "refsource": "MISC",
              "url": "http://www.rdancer.org/vulnerablevim.html"
            },
            {
              "name": "USN-712-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-712-1"
            },
            {
              "name": "oval:org.mitre.oval:def:6238",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "vim-scripts-command-execution(43083)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
            },
            {
              "name": "32858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32858"
            },
            {
              "name": "33410",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33410"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "RHSA-2008:0580",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
            },
            {
              "name": "34418",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34418"
            },
            {
              "name": "ADV-2009-0904",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0904"
            },
            {
              "name": "ADV-2009-0033",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0033"
            },
            {
              "name": "20080811 rPSA-2008-0247-1 gvim vim vim-minimal",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
            },
            {
              "name": "20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:11109",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
            },
            {
              "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
            },
            {
              "name": "[oss-security] 20080616 CVE Id request: vim",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
            },
            {
              "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
            },
            {
              "name": "ADV-2008-1851",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1851/references"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
            },
            {
              "name": "30731",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30731"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "http://support.apple.com/kb/HT4077",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2622",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2622"
            },
            {
              "name": "3951",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3951"
            },
            {
              "name": "MDVSA-2008:236",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
            },
            {
              "name": "32864",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32864"
            },
            {
              "name": "1020293",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020293"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "29715",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29715"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0247",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
            },
            {
              "name": "RHSA-2008:0617",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
            },
            {
              "name": "20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2712",
    "datePublished": "2008-06-16T21:00:00.000Z",
    "dateReserved": "2008-06-16T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:14:14.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2008-2712

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-2712

Aliases

CVE-2008-2712

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2712",
    "description": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.",
    "id": "GSD-2008-2712",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-2712.html",
      "https://www.debian.org/security/2009/dsa-1733",
      "https://access.redhat.com/errata/RHSA-2008:0618",
      "https://access.redhat.com/errata/RHSA-2008:0617",
      "https://access.redhat.com/errata/RHSA-2008:0580",
      "https://linux.oracle.com/cve/CVE-2008-2712.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2712"
      ],
      "details": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.",
      "id": "GSD-2008-2712",
      "modified": "2023-12-13T01:23:00.521568Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2712",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
          },
          {
            "name": "SUSE-SR:2009:007",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "RHSA-2008:0618",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
          },
          {
            "name": "http://www.rdancer.org/vulnerablevim.html",
            "refsource": "MISC",
            "url": "http://www.rdancer.org/vulnerablevim.html"
          },
          {
            "name": "USN-712-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-712-1"
          },
          {
            "name": "oval:org.mitre.oval:def:6238",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
          },
          {
            "name": "31681",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "vim-scripts-command-execution(43083)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
          },
          {
            "name": "32858",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32858"
          },
          {
            "name": "33410",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33410"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "RHSA-2008:0580",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
          },
          {
            "name": "34418",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "ADV-2009-0904",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0904"
          },
          {
            "name": "ADV-2009-0033",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0033"
          },
          {
            "name": "20080811 rPSA-2008-0247-1 gvim vim vim-minimal",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
          },
          {
            "name": "20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:11109",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
          },
          {
            "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
          },
          {
            "name": "[oss-security] 20080616 CVE Id request: vim",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
          },
          {
            "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
          },
          {
            "name": "ADV-2008-1851",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1851/references"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
          },
          {
            "name": "30731",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30731"
          },
          {
            "name": "32222",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "http://support.apple.com/kb/HT4077",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-2622",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-2622"
          },
          {
            "name": "3951",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3951"
          },
          {
            "name": "MDVSA-2008:236",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
          },
          {
            "name": "ADV-2008-2780",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
          },
          {
            "name": "32864",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32864"
          },
          {
            "name": "1020293",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020293"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3216",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "29715",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29715"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0247",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
          },
          {
            "name": "RHSA-2008:0617",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
          },
          {
            "name": "20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.314",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2712"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.rdancer.org/vulnerablevim.html",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.rdancer.org/vulnerablevim.html"
            },
            {
              "name": "[oss-security] 20080616 CVE Id request: vim",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
            },
            {
              "name": "29715",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/29715"
            },
            {
              "name": "30731",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30731"
            },
            {
              "name": "1020293",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1020293"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2622",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2622"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0247",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "33410",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/33410"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
            },
            {
              "name": "USN-712-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-712-1"
            },
            {
              "name": "3951",
              "refsource": "SREASON",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://securityreason.com/securityalert/3951"
            },
            {
              "name": "RHSA-2008:0617",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
            },
            {
              "name": "RHSA-2008:0580",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
            },
            {
              "name": "20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
            },
            {
              "name": "[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
            },
            {
              "name": "MDVSA-2008:236",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
            },
            {
              "name": "SUSE-SR:2009:007",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
            },
            {
              "name": "34418",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34418"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
            },
            {
              "name": "ADV-2009-0904",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0904"
            },
            {
              "name": "http://support.apple.com/kb/HT4077",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "ADV-2009-0033",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0033"
            },
            {
              "name": "ADV-2008-1851",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1851/references"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "32858",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/32858"
            },
            {
              "name": "32864",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/32864"
            },
            {
              "name": "RHSA-2008:0618",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
            },
            {
              "name": "vim-scripts-command-execution(43083)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
            },
            {
              "name": "oval:org.mitre.oval:def:6238",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
            },
            {
              "name": "oval:org.mitre.oval:def:11109",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
            },
            {
              "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
            },
            {
              "name": "20080811 rPSA-2008-0247-1 gvim vim vim-minimal",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
            },
            {
              "name": "20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
            },
            {
              "name": "20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-11-01T15:07Z",
      "publishedDate": "2008-06-16T21:41Z"
    }
  }
}

GHSA-J8HM-6QV5-GJ2W

Vulnerability from github – Published: 2022-05-01 23:52 – Updated: 2022-05-01 23:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2712"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-16T21:41:00Z",
    "severity": "HIGH"
  },
  "details": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.",
  "id": "GHSA-j8hm-6qv5-gj2w",
  "modified": "2022-05-01T23:52:37Z",
  "published": "2022-05-01T23:52:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2712"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-2622"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30731"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32858"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32864"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33410"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3951"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
    },
    {
      "type": "WEB",
      "url": "http://www.rdancer.org/vulnerablevim.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29715"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020293"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-712-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1851/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0033"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0904"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-2712

Vulnerability from fkie_nvd - Published: 2008-06-16 21:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html	Third Party Advisory
cve@mitre.org	http://marc.info/?l=bugtraq&m=121494431426308&w=2	Mailing List, Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/30731	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/32222	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/32858	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/32864	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/33410	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/34418	Third Party Advisory
cve@mitre.org	http://securityreason.com/securityalert/3951	Third Party Advisory
cve@mitre.org	http://support.apple.com/kb/HT3216	Third Party Advisory
cve@mitre.org	http://support.apple.com/kb/HT4077	Third Party Advisory
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm	Third Party Advisory
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm	Third Party Advisory
cve@mitre.org	http://wiki.rpath.com/Advisories:rPSA-2008-0247	Third Party Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:236	Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/06/16/2	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/10/15/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.rdancer.org/vulnerablevim.html	Broken Link
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0580.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0617.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0618.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/493352/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/493353/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/495319/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/502322/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/29715	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/31681	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1020293	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.ubuntu.com/usn/USN-712-1	Third Party Advisory
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2009-0004.html	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1851/references	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2780	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0033	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0904	Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43083	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.rpath.com/browse/RPL-2622	Broken Link
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109	Third Party Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=121494431426308&w=2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30731	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32222	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32858	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32864	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33410	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34418	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3951	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3216	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4077	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2008-0247	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:236	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/06/16/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/10/15/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.rdancer.org/vulnerablevim.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0580.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0617.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0618.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/493352/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/493353/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495319/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/502322/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29715	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31681	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020293	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-712-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0004.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1851/references	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2780	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0033	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0904	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43083	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-2622	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238	Third Party Advisory

Impacted products

Vendor	Product	Version
vim	vim	*
vim	vim	*
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1BE7C9-D945-49CC-8528-F8BF2278AF28",
              "versionEndIncluding": "6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "524293F0-FD6A-4E9E-B342-A67B48492FF4",
              "versionEndIncluding": "7.1.314",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075."
    },
    {
      "lang": "es",
      "value": "Vim 7.1.314, 6.4 y otras versiones, permiten a atacantes remotos asistidos por el usuario ejecutar comandos de su elecci\u00f3n a trav\u00e9s de secuencias de comandos Vim que cuyos inputs no son limpiados correctamente previa a la ejecuci\u00f3n o las funciones del sistema como se ha demostrado con (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim y (5) netrw."
    }
  ],
  "id": "CVE-2008-2712",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-06-16T21:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32858"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32864"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33410"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/3951"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.rdancer.org/vulnerablevim.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/29715"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020293"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-712-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1851/references"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0033"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0904"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-2622"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=121494431426308\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/3951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/06/16/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/10/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.rdancer.org/vulnerablevim.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/493352/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/493353/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/495319/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/29715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-712-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1851/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-2622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2010-AVI-143

Vulnerability from certfr_avis - Published: 2010-03-30 - Updated: 2010-03-30

De multiples vulnérabilités ont été corrigées dans Mac OS X.

Description

Plusieurs vulnérabilités ont été corrigées dans Mac OS X. Elles permettent entre autres l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4077 du 29 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Elles\npermettent entre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0511"
    },
    {
      "name": "CVE-2010-0509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0509"
    },
    {
      "name": "CVE-2010-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0501"
    },
    {
      "name": "CVE-2010-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0065"
    },
    {
      "name": "CVE-2010-0498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0498"
    },
    {
      "name": "CVE-2010-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0060"
    },
    {
      "name": "CVE-2008-7247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-7247"
    },
    {
      "name": "CVE-2003-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0063"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0522"
    },
    {
      "name": "CVE-2010-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0063"
    },
    {
      "name": "CVE-2009-3559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3559"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4142"
    },
    {
      "name": "CVE-2009-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3009"
    },
    {
      "name": "CVE-2010-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0059"
    },
    {
      "name": "CVE-2010-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0524"
    },
    {
      "name": "CVE-2010-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0057"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2010-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0521"
    },
    {
      "name": "CVE-2008-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0564"
    },
    {
      "name": "CVE-2010-0518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0518"
    },
    {
      "name": "CVE-2010-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0513"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2008-0888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0888"
    },
    {
      "name": "CVE-2009-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2010-0517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0517"
    },
    {
      "name": "CVE-2010-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0535"
    },
    {
      "name": "CVE-2010-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0393"
    },
    {
      "name": "CVE-2009-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0534"
    },
    {
      "name": "CVE-2010-0497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0497"
    },
    {
      "name": "CVE-2008-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4456"
    },
    {
      "name": "CVE-2009-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4143"
    },
    {
      "name": "CVE-2010-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0058"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0508"
    },
    {
      "name": "CVE-2010-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0506"
    },
    {
      "name": "CVE-2010-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0533"
    },
    {
      "name": "CVE-2010-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0507"
    },
    {
      "name": "CVE-2010-0504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0504"
    },
    {
      "name": "CVE-2009-0316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0316"
    },
    {
      "name": "CVE-2010-0526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0526"
    },
    {
      "name": "CVE-2010-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0510"
    },
    {
      "name": "CVE-2009-1904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1904"
    },
    {
      "name": "CVE-2010-0500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0500"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0064"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2446"
    },
    {
      "name": "CVE-2009-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2801"
    },
    {
      "name": "CVE-2010-0525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0525"
    },
    {
      "name": "CVE-2010-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0516"
    },
    {
      "name": "CVE-2010-0502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0502"
    },
    {
      "name": "CVE-2010-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0062"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2009-2906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2906"
    },
    {
      "name": "CVE-2010-0505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0505"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4214"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2006-1329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
    },
    {
      "name": "CVE-2010-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0514"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-0515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0515"
    },
    {
      "name": "CVE-2009-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2422"
    },
    {
      "name": "CVE-2010-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0056"
    },
    {
      "name": "CVE-2010-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0512"
    },
    {
      "name": "CVE-2009-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2632"
    },
    {
      "name": "CVE-2009-0688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0688"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2010-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0537"
    },
    {
      "name": "CVE-2010-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0519"
    },
    {
      "name": "CVE-2010-0523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0523"
    },
    {
      "name": "CVE-2010-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0520"
    },
    {
      "name": "CVE-2010-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0503"
    },
    {
      "name": "CVE-2010-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0055"
    }
  ],
  "initial_release_date": "2010-03-30T00:00:00",
  "last_revision_date": "2010-03-30T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-143",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4077 du 29 mars 2010",
      "url": "http://support.apple.com/kb/HT4077"
    }
  ]
}

CERTA-2008-AVI-492

Vulnerability from certfr_avis - Published: 2008-10-13 - Updated: 2008-10-13

Plusieurs vulnérabilités affectant Apple Mac Os X permettent à une personne malveillante d'effectuer une exécution de code arbitraire, de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Description

De multiples vulnérabilités ont été découvertes dans Apple Mac OS X. Ces dernières affectent entre autres :

ColorSync ;
CUPS ;
Finder ;
Postfix ;
Networking ;
...

Elles permettent à une personne malintentionnée d'effectuer une exécution de code arbitraire , de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X 10.4.11 ;
	N/A	N/A	Mac OS X 10.5.5.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3216 du 09 octobre 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple Mac OS X. Ces\nderni\u00e8res affectent entre autres :\n\n-   ColorSync ;\n-   CUPS ;\n-   Finder ;\n-   Postfix ;\n-   Networking ;\n-   ...\n\nElles permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code arbitraire , de provoquer un d\u00e9ni de service \u00e0\ndistance, de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges sur le\nsyst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2008-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3643"
    },
    {
      "name": "CVE-2008-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0226"
    },
    {
      "name": "CVE-2008-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3642"
    },
    {
      "name": "CVE-2008-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4212"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2008-4215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4215"
    },
    {
      "name": "CVE-2007-6420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6420"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2007-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5969"
    },
    {
      "name": "CVE-2008-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3646"
    },
    {
      "name": "CVE-2008-3912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3912"
    },
    {
      "name": "CVE-2008-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3914"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2008-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3432"
    },
    {
      "name": "CVE-2008-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
    },
    {
      "name": "CVE-2008-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1389"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2007-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2691"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2008-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3641"
    },
    {
      "name": "CVE-2008-3913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3913"
    },
    {
      "name": "CVE-2008-3294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3294"
    },
    {
      "name": "CVE-2008-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3645"
    },
    {
      "name": "CVE-2008-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3647"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2008-2364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
    },
    {
      "name": "CVE-2008-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4214"
    },
    {
      "name": "CVE-2008-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1767"
    },
    {
      "name": "CVE-2008-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
    },
    {
      "name": "CVE-2008-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0227"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-4211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4211"
    }
  ],
  "initial_release_date": "2008-10-13T00:00:00",
  "last_revision_date": "2008-10-13T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-492",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Apple Mac Os X permettent \u00e0 une\npersonne malveillante d\u0027effectuer une ex\u00e9cution de code arbitraire, de\nprovoquer un d\u00e9ni de service \u00e0 distance, de contourner la politique de\ns\u00e9curit\u00e9, de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nd\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3216 du 09 octobre 2008",
      "url": "http://support.apple.com/kb/HT3216"
    }
  ]
}

CERTA-2009-AVI-101

Vulnerability from certfr_avis - Published: 2009-03-18 - Updated: 2009-03-18

Plusieurs vulnérabilités de vim permettent à un individu malintentionné d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités de vim ont été découvertes :

la première (CVE-2007-2953) concerne un défaut de validation des données fournies à la commande helptags ;
la seconde (CVE-2008-2712) concerne un défaut de validation d'arguments lors d'appel système par un script vim ;
la troisième (CVE-2008-3074) concerne un manque de validation des noms de fichier par l'extension tar de vim ;
la quatrième (CVE-2008-3075) concerne un manque de validation des noms de fichier par l'extension zip de vim ;
la cinquième (CVE-2008-3076 et CVE-2008-6235) concerne un manque de validation des noms de fichier par l'extension netrw de vim ;
la dernière (CVE-2008-4101) vient d'un défaut de contrôle des caractères par la fonctionnalité de recherche de mots clef.

Toutes ces vulnérabilités permettent à un individu malintentionné d'exécuter du code arbitraire à distance par le biais d'un fichier spécialement construit ou en invitant un utilisateur à exécuter des commandes vim spécifiques.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de vim antérieures à 7.2.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce du lancement de la version 7.2 de vim du 09 août 2008	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2008:0580 du 25 novembre 2008 :	-	other
Annonce du lancement de la version 7.2 de vim du 09 août 2008 :	-	other
Bulletin de sécurité Debian DSA 1733 du 03 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de vim ant\u00e9rieures  \u00e0 7.2.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de vim ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   la premi\u00e8re (CVE-2007-2953) concerne un d\u00e9faut de validation des\n    donn\u00e9es fournies \u00e0 la commande helptags ;\n-   la seconde (CVE-2008-2712) concerne un d\u00e9faut de validation\n    d\u0027arguments lors d\u0027appel syst\u00e8me par un script vim ;\n-   la troisi\u00e8me (CVE-2008-3074) concerne un manque de validation des\n    noms de fichier par l\u0027extension tar de vim ;\n-   la quatri\u00e8me (CVE-2008-3075) concerne un manque de validation des\n    noms de fichier par l\u0027extension zip de vim ;\n-   la cinqui\u00e8me (CVE-2008-3076 et CVE-2008-6235) concerne un manque de\n    validation des noms de fichier par l\u0027extension netrw de vim ;\n-   la derni\u00e8re (CVE-2008-4101) vient d\u0027un d\u00e9faut de contr\u00f4le des\n    caract\u00e8res par la fonctionnalit\u00e9 de recherche de mots clef.\n\nToutes ces vuln\u00e9rabilit\u00e9s permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un fichier\nsp\u00e9cialement construit ou en invitant un utilisateur \u00e0 ex\u00e9cuter des\ncommandes vim sp\u00e9cifiques.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-6235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6235"
    },
    {
      "name": "CVE-2008-3075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3075"
    },
    {
      "name": "CVE-2007-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2953"
    },
    {
      "name": "CVE-2008-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3074"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3076"
    }
  ],
  "initial_release_date": "2009-03-18T00:00:00",
  "last_revision_date": "2009-03-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0580 du 25 novembre    2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0580.html"
    },
    {
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt    2008 :",
      "url": "http://groups.google.com/group/vim_announce/browse_thread/thread/2c89671dd928812f"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1733 du 03 mars 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1733"
    }
  ],
  "reference": "CERTA-2009-AVI-101",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de vim permettent \u00e0 un individu malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans vim",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce du lancement de la version 7.2 de vim du 09 ao\u00fbt 2008",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2712 (GCVE-0-2008-2712)

GSD-2008-2712

GHSA-J8HM-6QV5-GJ2W

FKIE_CVE-2008-2712

CERTA-2010-AVI-143

Description

Solution

CERTA-2008-AVI-492

Description

Solution

CERTA-2009-AVI-101

Description

Solution

Tags

Sightings

Nomenclature