Security update for vim (important)

openSUSE security update: security update for vim ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20828-1 Rating: important References: bsc1261833 bsc1262395 bsc1264706 bsc1264707 bsc1264708 bsc1265349 bsc1265360 Cross-References: CVE-2026-39881...

Security update for vim

This update for vim fixes the following issue: Security fixes: CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. Other fixes: Update to 9.2.0398. 9.2.0398: MS-Windows: missing strptime support 9.2.0397: tabpanel: double-click opens a n...

SUSE-SU-2026:1764-1 Security update for vim

This update for vim fixes the following issue: Security fixes: - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. Other fixes: - Update to 9.2.0398. 9.2.0398: MS-Windows: missing strptime support 9.2.0397: tabpanel: double-click opens...

CLSA-2026-1778021665 vim: Fix of CVE-2026-39881

CVE-2026-39881: fix netbeans defineAnnoType command injection by validating typeName, fg and bg against an allowlist before passing them to coloncmd; also restrict specialKeys tokens to alphanumeric characters to prevent map command injection...

Fedora 42 : vim (2026-11d7d4d8f3)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-11d7d4d8f3 advisory. Security fix for CVE-2026-39881 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CLSA-2026-1778020398 vim: Fix of CVE-2026-39881

CVE-2026-39881: fix netbeans defineAnnoType command injection by validating typeName, fg and bg against an allowlist before passing them to coloncmd; also restrict specialKeys tokens to alphanumeric characters to prevent map command injection...

CLSA-2026-1777567716 vim: Fix of CVE-2026-39881

CVE-2026-39881: fix command injection in netbeans interface by validating defineAnnoType typeName/fg/bg and specialKeys tokens against an allowlist of safe characters before interpolating them into Ex commands...

Fedora 44 : vim (2026-3954a4ed07)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3954a4ed07 advisory. Security fix for CVE-2026-39881 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

SUSE-SU-2026:21414-1 Security update for vim

This update for vim fixes the following issue: Update to version 9.2.0398. Security issues fixed: - CVE-2026-39881: missing sanitization in defineAnnoType and specialKeys can lead to arbitrary Ex command injection via a malicious NetBeans server bsc1261833...

Fedora 43 : vim (2026-755c51e6a0)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-755c51e6a0 advisory. Security fix for CVE-2026-39881 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

OESA-2026-2004 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

BELL-CVE-2026-39881

Bulletin has no description...

CVE-2026-39881

A flaw was found in Vim. A command injection vulnerability in Vim's NetBeans interface allows a malicious NetBeans server to execute arbitrary Ex commands when Vim connects to it. This occurs due to unsanitized strings in the defineAnnoType and specialKeys protocol messages, leading to arbitrary...

CVE-2026-39881

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

CVE-2024-39881

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2025-39881 affecting package kernel for versions less than 6.6.112.1-1

CVE-2025-39881 affecting package kernel for versions less than 6.6.112.1-1. A patched version of the package is available...

EUVD-2025-39881

Malicious code in dono-ketan60-riris npm...

RHEL 10 : kernel (RHSA-2025:19469)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19469 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: sr: Fix MAC comparison...

BELL-CVE-2025-39881

Bulletin has no description...

CVE-2025-39881

In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free UAF vulnerability was identified in the PSI Pressure Stall Information monitoring mechanism: BUG: KASAN: slab-use-after-free in psitriggerpoll+0x3c/0x140 Read...