CVE-2026-57454

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...

CVE-2026-57454

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: condresched was added to getswappages. A softlockup still occurs in getswappages under memory pressure. With 64 CPU cores, 64GB of memory, and 28 zram devices, the size of each zram device is 50MB, and they all have...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid mapping the wrong physical block for the swapfile. Xiaolong Guo reported a bug related to f2fs in bugzilla 1. 1 https://bugzilla.kernel.org/showbug.cgi?id=220951 As quoted: “When using the ‘stress-ng’ swap...

EulerOS Virtualization 2.12.1 : vim (EulerOS-SA-2026-2091)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style...

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF03 Vulnerability Details CVEID:CVE-2026-28417 DESCRIPTION: Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw...

Oracle Linux 10 : vim (ELSA-2026-11389)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11389 advisory. - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155409 CVE-2026-28421 vim: Vim: Denial of servic...

Oracle Linux 9 : vim (ELSA-2026-11510)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11510 advisory. - RHEL-155437 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin - RHEL-155422 CVE-2026-28421 vim: Vim: Denial of...

vim security update

8.2.2637-23.0.1.el97.3 - Remove upstream references Orabug: 31197557 2:8.2.2637-23.3 - Resolves: RHEL-164965 vim: arbitrary command execution via modeline sandbox bypass 2:8.2.2637-23.2 - RHEL-155437 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin -...

TencentOS Server 2: vim (TSSA-2026:0257)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0257 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

vim security update

9.1.083-6.0.1.el101.4 - Remove upstream references Orabug: 31197557 2:9.1.083-6.4 - Resolves: RHEL-164951 vim: arbitrary command execution via modeline sandbox bypass 2:9.1.083-6.3 - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function 2:9.1.083-6.2...

MiracleLinux 9 : vim-8.2.2637-23.el9_7.2.ML.1 (AXSA:2026-447:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-447:08 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure...

K000160853: Multiple Vim vulnerabilities

Security Advisory Description CVE-2026-28417 Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an...

RLSA-2026:8259 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-28421 vim: Vim: Arbitrary code...

vim security update

An update is available for vim. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.28 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

AlmaLinux 9 : vim (ALSA-2026:8259)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:8259 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via...

RockyLinux 9 : vim (RLSA-2026:8259)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8259 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-007179)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007179 advisory. Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recove...

RHEL 9 : vim (RHSA-2026:8259)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8259 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command...