9 matches found
SUSE-SU-2026:2236-1 Security update for vim
This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...
CLSA-2026-1780388996 Fix CVE(s): CVE-2026-46483
SECURITY UPDATE: OS command injection in tarVimuntar in runtime/autoload/tar.vim via crafted .tgz filename use shellescapetartail, 1 for :! commands - debian/patches/CVE-2026-46483.patch: OS command injection in tarVimuntar in runtime/autoload/tar.vim via crafted .tgz filename use...
SUSE-SU-2026:21944-1 Security update for vim
This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...
Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
...
SUSE CVE-2026-46483
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...
CVE-2026-46483
Summary (CVE-2026-46483): Vim for Unix-like systems is vulnerable prior to version 9.2.0479 due to a command injection in tar#Vimuntar() within runtime/autoload/tar.vim when decompressing .tgz archives. The function constructs shell commands using shellescape(tartail) without the {special} flag, ...
CVE-2026-46483
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...
CVE-2026-46483
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...
CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...