CVE-2005-2368
published 2005-07-26

Priority P337 | critical | 9.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 2.73% (84.2th percentile)

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vim | < vim 1:6.3-085+1 (bookworm) | vim 1:6.3-085+1 (bookworm) |
| vim | vim | >= 0 < 1:6.3-085+1 | 1:6.3-085+1 |
| vim | vim | >= 0 < 1:6.3-085+1 | 1:6.3-085+1 |
| vim | vim | >= 0 < 1:6.3-085+1 | 1:6.3-085+1 |
| vim | vim | >= 0 < 1:6.3-085+1 | 1:6.3-085+1 |
| vim_development_group | vim | | |
| vim_development_group | vim | | |
| vim_development_group | vim | | |
| vim_development_group | vim | | |
| vim_development_group | vim | | |
| vim_development_group | vim | | |

CVSS provenance

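| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 9.3 | CRITICAL | |
| vendor_debian | | 9.3 | MEDIUM | |
| vendor_redhat | | 9.3 | CRITICAL | |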