vim: command injection when decompressing .tgz archives

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

CVE-2026-41492

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

CVE-2026-40173

Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...

Astra Linux - уязвимость в vim

A heap-based buffer overflow vulnerability exists in the cmdlineerasechars function in the GitHub repository of vim/vim, prior to version 8.2.4899. These vulnerabilities can cause software to crash, modify memory, and may lead to remote execution...

CLSA-2026-1777542146 vim: Fix of 3 CVEs

CVE-2023-1170: at the end of doput ops.c, clamp the cursor column back to the line length and recompute coladd under virtualedit=all so a Visual block put past the new NUL no longer leaves the cursor pointing past end-of-line. - CVE-2023-1175: in opyank ops.c, when the yank starts inside a...

CVE-2026-40173

Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...

PT-2026-33176

Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.2 Description An unauthenticated credential disclosure exists where the '/debug/pprof/cmdline' endpoint is registered on the default mux and accessible without authentication. This exposes the full process command...

SUSE CVE-2026-23374

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

EUVD-2026-15363

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

CVE-2026-23374

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

CVE-2026-23374

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

CVE-2026-23374

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

Linux Distros Unpatched Vulnerability : CVE-2026-23374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesav...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003276 advisory. A flaw was found affecting the Linux kernel before version 4.17. By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environme...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001245)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001245 advisory. A flaw was found affecting the Linux kernel before version 4.17. By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environme...

PT-2026-27739

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.0-rc1lblk+ 84 Description The Linux kernel's blktrace component contains an issue where this cpu read and this cpu write are used in a preemptible context. Specifically, tracing record cmdline utilizes these...

SUSE CVE-2018-25153

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the reported issue does not constitute a security vulnerability and represents a minor, non-exploitable memory leak...

Linux Distros Unpatched Vulnerability : CVE-2018-25153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Barcode 0.99 contains a memory leak vulnerability in the command line processing function within cmdline.c. Attackers can exploit this vulnerability by...

GO-2025-4001 Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server in github.com/canonical/lxd

Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server in github.com/canonical/lxd...