CLSA-2026-1777568566 vim: Fix of CVE-2026-39881

CVE-2026-39881: fix command injection in netbeans interface by validating defineAnnoType typeName/fg/bg and specialKeys tokens against an allowlist of safe characters before interpolating them into Ex commands...

CLSA-2026-1777625424 Fix CVE(s): CVE-2026-39881

SECURITY UPDATE: Command injection in netbeans interface - debian/patches/CVE-2026-39881.patch: add nbissafestring in src/netbeans.c and validate typeName, fg and bg in defineAnnoType and key tokens in specialkeys against an allowlist before they reach coloncmd/domap, preventing a malicious...

CLSA-2026-1777567716 vim: Fix of CVE-2026-39881

CVE-2026-39881: fix command injection in netbeans interface by validating defineAnnoType typeName/fg/bg and specialKeys tokens against an allowlist of safe characters before interpolating them into Ex commands...

ALPINE-CVE-2026-39881

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

CVE-2026-39881

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

SUSE CVE-2008-4101

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

USN-5613-1 vim vulnerabilities

It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2022-0943 It was discovered that Vim was using freed memory when dealing with regula...

vim: Out-of-bounds Write

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the excmds function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution...

vim: Out-of-bounds Write

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the excmds function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution...

The vulnerability of the src/ex_cmds.c component of the text editor Vim, allowing a hacker to execute arbitrary code.

The vulnerability of the src/excmds.c component of the text editor Vim relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

vim: arbitrary code execution in commands: K, Control-], g]

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

vim: arbitrary code execution in commands: K, Control-], g]

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

vim: arbitrary code execution in commands: K, Control-], g]

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

DEBIAN-CVE-2008-4101

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

CVE-2008-4101

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

vim-sanitize.txt

Vim: Arbitrary Code Execution in Commands: K, Control-, g 1. SUMMARY Product : Vim -- Vi IMproved Versions : 3.0--current, possibly older Impact : Arbitrary code execution Wherefrom: Local Original : http://www.rdancer.org/vulnerablevim-K.html Insufficient sanitization can lead to Vim executing...