Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF03 Vulnerability Details CVEID:CVE-2026-28417 DESCRIPTION: Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw...

vim security update

2:7.4.629-8.0.3 - Security update CVE-2026-25749 CVE-2026-28417 - CVE-2026-28421 CVE-2026-33412 Orabug: 39170094...

Oracle Linux 7 : vim (ELSA-2026-6617)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6617 advisory. - Security update CVE-2026-25749 CVE-2026-28417 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

TencentOS Server 3: vim (TSSA-2026:0260)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0260 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

MiracleLinux 9 : vim-8.2.2637-23.el9_7.2.ML.1 (AXSA:2026-447:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-447:08 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure...

RHEL 8 : vim (RHSA-2026:6729)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6729 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...

CentOS 9 : vim-8.2.2637-26.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the vim-8.2.2637-26.el9 build changelog. - Denial of service and information disclosure via crafted swap file CVE-2026-28421 - Arbitrary code execution via OS command injection in...

Fedora: Security Advisory (FEDORA-2026-1885157e34)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : vim (2026-1885157e34)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1885157e34 advisory. patchlevel 148 ---- Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422 ---- Security...

Fedora: Security Advisory (FEDORA-2026-651ba4626f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2026-0049)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2026-28421

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issu...

CVE-2026-28421

A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service DoS or potentially information disclosure...

CVE-2026-28421 Vim has a heap-buffer-overflow and a segmentation fault

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issu...

CVE-2023-28421

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture.This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10...

CVE-2020-28421

CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot controller component that allows local attackers to elevate privileges...

CVE-2024-28421

CVE-2024-28421 affects Razor 0.8.0. The vulnerability is a SQL Injection in ChannelModel::updateapk within channelmodle.php, which could let a remote attacker escalate privileges. In confirmed third-party sources, mitigation guidance for Razor v0.8.0 includes disabling the ChannelModel::updateapk...

CVE-2023-28421

creationtimestamp| type| source ---|---|--- 2023-12-21 15:21:41+00:00| seen| https://t.me/ctinow/157744 2024-01-14 11:11:30+00:00| seen| https://t.me/ctinow/167999...

CVE-2023-28421

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture.This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10...

CVE-2023-28421 WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.10 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture.This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10...