13 matches found
Security update for vim
This update for vim fixes the following issues CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...
Security update for vim (important)
openSUSE security update: security update for vim ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20828-1 Rating: important References: bsc1261833 bsc1262395 bsc1264706 bsc1264707 bsc1264708 bsc1265349 bsc1265360 Cross-References: CVE-2026-39881...
Security update for vim
This update for vim fixes the following issue: Security fixes: CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. Other fixes: Update to 9.2.0398. 9.2.0398: MS-Windows: missing strptime support 9.2.0397: tabpanel: double-click opens a n...
SUSE-SU-2026:1764-1 Security update for vim
This update for vim fixes the following issue: Security fixes: - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. Other fixes: - Update to 9.2.0398. 9.2.0398: MS-Windows: missing strptime support 9.2.0397: tabpanel: double-click opens...
CLSA-2026-1778021665 vim: Fix of CVE-2026-39881
CVE-2026-39881: fix netbeans defineAnnoType command injection by validating typeName, fg and bg against an allowlist before passing them to coloncmd; also restrict specialKeys tokens to alphanumeric characters to prevent map command injection...
Fedora 42 : vim (2026-11d7d4d8f3)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-11d7d4d8f3 advisory. Security fix for CVE-2026-39881 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
CLSA-2026-1778020398 vim: Fix of CVE-2026-39881
CVE-2026-39881: fix netbeans defineAnnoType command injection by validating typeName, fg and bg against an allowlist before passing them to coloncmd; also restrict specialKeys tokens to alphanumeric characters to prevent map command injection...
CLSA-2026-1777567716 vim: Fix of CVE-2026-39881
CVE-2026-39881: fix command injection in netbeans interface by validating defineAnnoType typeName/fg/bg and specialKeys tokens against an allowlist of safe characters before interpolating them into Ex commands...
Fedora 44 : vim (2026-3954a4ed07)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3954a4ed07 advisory. Security fix for CVE-2026-39881 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
SUSE-SU-2026:21414-1 Security update for vim
This update for vim fixes the following issue: Update to version 9.2.0398. Security issues fixed: - CVE-2026-39881: missing sanitization in defineAnnoType and specialKeys can lead to arbitrary Ex command injection via a malicious NetBeans server bsc1261833...
OESA-2026-2004 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...
CVE-2026-39881
A flaw was found in Vim. A command injection vulnerability in Vim's NetBeans interface allows a malicious NetBeans server to execute arbitrary Ex commands when Vim connects to it. This occurs due to unsanitized strings in the defineAnnoType and specialKeys protocol messages, leading to arbitrary...
CVE-2026-39881
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...