11 matches found

Tenable Nessus
added 2026/05/29 12:0 a.m. | 9 views

Vim < 9.2.0357 Command Injection via Tag Filenames (GHSA-cwgx-gcj7-6qh8)

The version of Vim installed on the remote host is prior to 9.2.0357. It is, therefore, affected by a vulnerability as referenced in the GHSA-cwgx-gcj7-6qh8 advisory. A command injection vulnerability exists in Vim's tag file processing. A malicious tags file containing backtick-enclosed shell...

CVSS 6.6 | AI score 6.1 | EPSS 0.00501
Exploits 0 | References 2
Ubuntu
added 2026/05/28 6:23 p.m. | 14 views

USN-8342-1: Vim vulnerability

It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to execute arbitrary commands...

CVSS 6.6 | AI score 5.8 | EPSS 0.00501
Exploits 0
OSV
added 2026/05/28 6:23 p.m. | 10 views

USN-8342-1 vim vulnerability

It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to execute arbitrary commands...

CVSS 6.6 | AI score 5.8 | EPSS 0.00501
Exploits 0 | References 2
Tenable Nessus
added 2026/05/11 12:0 a.m. | 7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8246-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8246-1 advisory. Michał Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this...

CVSS 7.8 | AI score 7.6 | EPSS 0.0062
Exploits 0 | References 4
OSV
added 2026/05/09 4:24 p.m. | 3 views

MGASA-2026-0123 Updated vim packages fix security vulnerabilities

Ex command injection in Vim's NetBeans integration (CVE-2026-39881). Command injection via backtick expansion in tag filenames in Vim v9.2.0357 (CVE-2026-41411). OS Command Injection in netrw affects Vim 9.2.0383 (CVE-2026-42307). OS Command Injection via 'path' completion affects Vim 9.2.0435...

CVSS 7.8 | AI score 5.8 | EPSS 0.00774
Exploits 0 | References 10
Mageia
added 2026/05/09 4:24 p.m. | 12 views

Updated vim packages fix security vulnerabilities

Ex command injection in Vim's NetBeans integration (CVE-2026-39881). Command injection via backtick expansion in tag filenames in Vim v9.2.0357 (CVE-2026-41411). OS Command Injection in netrw affects Vim 9.2.0383 (CVE-2026-42307). OS Command Injection via 'path' completion affects Vim 9.2.0435...

CVSS 7.8 | AI score 5.8 | EPSS 0.00774
Exploits 0 | References 9
Ubuntu
added 2026/05/07 2:58 p.m. | 16 views

USN-8246-1: Vim vulnerabilities

Michał Majchrowicz discovered that Vim’s zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-35177) It was discovered that Vim’s netbeans interface did not...

CVSS 7.8 | AI score 6.1 | EPSS 0.0062
Exploits 0
OSV
added 2026/05/07 2:58 p.m. | 6 views

USN-8246-1 vim vulnerabilities

Michał Majchrowicz discovered that Vim’s zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-35177) It was discovered that Vim’s netbeans interface did not...

CVSS 7.8 | AI score 6.1 | EPSS 0.0062
Exploits 0 | References 4
Microsoft CVE
added 2026/04/26 8:5 a.m. | 0 views

Vim: Command injection via backtick expansion in tag filenames

...

CVSS 6.6 | AI score 5.2 | EPSS 0.00501
Exploits 0
Cvelist
added 2026/04/24 4:51 p.m. | 21 views

CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames

Vim is an open source, command line text editor. Prior to 9.2.0357, a command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

CVSS 6.6 | EPSS 0.00501
Exploits 0 | References 3
RedhatCVE
added 2022/12/19 6:14 p.m. | 23 views

CVE-2022-4515

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...

CVSS 7.8 | AI score 1.8 | EPSS 0.00577
Exploits 1 | References 3