23 matches found
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
SUSE-SU-2026:2236-1 Security update for vim
This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...
SUSE-SU-2026:2233-1 Security update for vim
This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...
CLSA-2026-1780388996 Fix CVE(s): CVE-2026-46483
SECURITY UPDATE: OS command injection in tarVimuntar in runtime/autoload/tar.vim via crafted .tgz filename use shellescapetartail, 1 for :! commands - debian/patches/CVE-2026-46483.patch: OS command injection in tarVimuntar in runtime/autoload/tar.vim via crafted .tgz filename use...
SUSE SLES16 Security Update : vim (SUSE-SU-2026:21859-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21859-1 advisory. This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary fil...
SUSE-SU-2026:21944-1 Security update for vim
This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...
vim: Fix of CVE-2026-46483
CVE-2026-46483: fix command injection in the tar plugin's tarVimuntar function by using the correct shellescapetartail, 1 form so that a crafted .tgz filename cannot trigger cmdline-special expansion in the :! command...
CLSA-2026-1780055179 Fix CVE(s): CVE-2026-46483
SECURITY UPDATE: command injection in tar plugin Vimuntar - debian/patches/CVE-2026-46483.patch: pass shellescapetartail, 1 instead of shellescapetartail in the two :!gunzip / :!gzip -d lines of runtime/autoload/tar.vim::tarVimuntar so Vim's special characters !, %, are escaped before the filenam...
SUSE-SU-2026:21859-1 Security update for vim
This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...
OPENSUSE-SU-2026:20828-1 Security update for vim
This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...
CLSA-2026-1779583115 vim: Fix of CVE-2026-46483
CVE-2026-46483: fix command injection in tar plugin Vimuntar when decompressing .tgz archives by passing the special flag to shellescape upstream vim 9.2.0479...
CLSA-2026-1779582830 vim: Fix of CVE-2026-46483
CVE-2026-46483: fix command injection in tar plugin Vimuntar when decompressing .tgz archives by passing the special flag to shellescape upstream vim 9.2.0479...
CVE-2026-46483
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
...
SUSE CVE-2026-46483
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...
CVE-2026-46483
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...
CVE-2026-46483
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...
CVE-2026-46483
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...