825 matches found
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
vim: Vim: Arbitrary code execution via command injection in glob() function
A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...
vim: Vim: Arbitrary code execution via command injection in glob() function
A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...
vim: Vim: Arbitrary code execution via command injection in glob() function
A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...
RHEL 7 : vim (RHSA-2026:6617)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6617 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...
RHEL 9 : vim (RHSA-2026:6619)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6619 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...
RHEL 9 : vim (RHSA-2026:6620)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6620 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...
SUSE-SU-2026:20997-1 Security update for cockpit-repos
This update for cockpit-repos fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...
SUSE-SU-2026:20973-1 Security update for cockpit-repos
This update for cockpit-repos fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...
RHEL 10 : vim (RHSA-2026:6502)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6502 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' opti...
vim: Vim: Arbitrary code execution via command injection in glob() function
A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...
vim: Vim: Arbitrary code execution via command injection in glob() function
A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...
vim: Vim: Arbitrary code execution via command injection in glob() function
A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
CVE-2026-32973
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...
CVE-2026-32973
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...
CVE-2026-32973 OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
...
Improper Input Validation
activestorage is vulnerable to Improper Input Validation. The vulnerability is due to unescaped use of blob keys in Dir.glob within DiskServicedeleteprefixed, which allows an attacker to inject glob metacharacters and delete unintended files from the storage directory...
OESA-2026-1781 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...