OPENSUSE-SU-2026:20828-1
Vulnerability from csaf_opensuse - Published: 2026-05-28 12:13 - Updated: 2026-05-28 12:13
Summary
Security update for vim
Severity
Important
Notes
Title of the patch: Security update for vim
Description of the patch: This update for vim fixes the following issues:
- CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833).
- CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim (bsc#1264706).
- CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename (bsc#1265349).
- CVE-2026-44656: Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion (bsc#1264707).
- CVE-2026-45130: Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active (bsc#1264708).
- CVE-2026-46483: command injection via `tar#Vimuntar()` in `runtime/autoload/tar.vim` when decompressing `.tgz` archives on Unix-like systems (bsc#1265360).
Changes for vim:
- Update to v9.2.0530.
- Fix for incorrectly detecting scientific parameter files as bitbake recipes (bsc#1262395).
Patchnames: openSUSE-Leap-16.0-817
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64 | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64 | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64 | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64 | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64 | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64 | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64 | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x | — |  | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64 | — |  | Vendor Fix |
Threats
Impact
moderate
Affected products
Recommended
18 products
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
18 products
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
18 products
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
18 products
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
18 products
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues\n\n- CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833).\n- CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin\n bundled with Vim (bsc#1264706).\n- CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename (bsc#1265349).\n- CVE-2026-44656: Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim\u0027s: find command-line\n completion (bsc#1264707).\n- CVE-2026-45130: Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when\n loading a crafted spell file (.spl) with UTF-8 encoding active (bsc#1264708).\n- CVE-2026-46483: command injection via ` tar#Vimuntar()` in `runtime/autoload/tar.vim` when decompressing `.tgz`\n archives on Unix-like systems (bsc#1265360).\n\nChanges for vim:\n\n- Update to v9.2.0530.\n- Fix for incorrectly detecting scientific parameter files as bitbake recipies. (bsc#1262395)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-817",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20828-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1261833",
"url": "https://bugzilla.suse.com/1261833"
},
{
"category": "self",
"summary": "SUSE Bug 1262395",
"url": "https://bugzilla.suse.com/1262395"
},
{
"category": "self",
"summary": "SUSE Bug 1264706",
"url": "https://bugzilla.suse.com/1264706"
},
{
"category": "self",
"summary": "SUSE Bug 1264707",
"url": "https://bugzilla.suse.com/1264707"
},
{
"category": "self",
"summary": "SUSE Bug 1264708",
"url": "https://bugzilla.suse.com/1264708"
},
{
"category": "self",
"summary": "SUSE Bug 1265349",
"url": "https://bugzilla.suse.com/1265349"
},
{
"category": "self",
"summary": "SUSE Bug 1265360",
"url": "https://bugzilla.suse.com/1265360"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43961 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44656 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45130 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46483 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46483/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2026-05-28T12:13:40Z",
"generator": {
"date": "2026-05-28T12:13:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20828-1",
"initial_release_date": "2026-05-28T12:13:40Z",
"revision_history": [
{
"date": "2026-05-28T12:13:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0530-160000.1.1.aarch64",
"product": {
"name": "gvim-9.2.0530-160000.1.1.aarch64",
"product_id": "gvim-9.2.0530-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0530-160000.1.1.aarch64",
"product": {
"name": "vim-9.2.0530-160000.1.1.aarch64",
"product_id": "vim-9.2.0530-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0530-160000.1.1.aarch64",
"product": {
"name": "vim-small-9.2.0530-160000.1.1.aarch64",
"product_id": "vim-small-9.2.0530-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xxd-9.2.0530-160000.1.1.aarch64",
"product": {
"name": "xxd-9.2.0530-160000.1.1.aarch64",
"product_id": "xxd-9.2.0530-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.2.0530-160000.1.1.noarch",
"product": {
"name": "vim-data-9.2.0530-160000.1.1.noarch",
"product_id": "vim-data-9.2.0530-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.2.0530-160000.1.1.noarch",
"product": {
"name": "vim-data-common-9.2.0530-160000.1.1.noarch",
"product_id": "vim-data-common-9.2.0530-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0530-160000.1.1.ppc64le",
"product": {
"name": "gvim-9.2.0530-160000.1.1.ppc64le",
"product_id": "gvim-9.2.0530-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.2.0530-160000.1.1.ppc64le",
"product": {
"name": "vim-9.2.0530-160000.1.1.ppc64le",
"product_id": "vim-9.2.0530-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0530-160000.1.1.ppc64le",
"product": {
"name": "vim-small-9.2.0530-160000.1.1.ppc64le",
"product_id": "vim-small-9.2.0530-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xxd-9.2.0530-160000.1.1.ppc64le",
"product": {
"name": "xxd-9.2.0530-160000.1.1.ppc64le",
"product_id": "xxd-9.2.0530-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0530-160000.1.1.s390x",
"product": {
"name": "gvim-9.2.0530-160000.1.1.s390x",
"product_id": "gvim-9.2.0530-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.2.0530-160000.1.1.s390x",
"product": {
"name": "vim-9.2.0530-160000.1.1.s390x",
"product_id": "vim-9.2.0530-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0530-160000.1.1.s390x",
"product": {
"name": "vim-small-9.2.0530-160000.1.1.s390x",
"product_id": "vim-small-9.2.0530-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "xxd-9.2.0530-160000.1.1.s390x",
"product": {
"name": "xxd-9.2.0530-160000.1.1.s390x",
"product_id": "xxd-9.2.0530-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0530-160000.1.1.x86_64",
"product": {
"name": "gvim-9.2.0530-160000.1.1.x86_64",
"product_id": "gvim-9.2.0530-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0530-160000.1.1.x86_64",
"product": {
"name": "vim-9.2.0530-160000.1.1.x86_64",
"product_id": "vim-9.2.0530-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0530-160000.1.1.x86_64",
"product": {
"name": "vim-small-9.2.0530-160000.1.1.x86_64",
"product_id": "vim-small-9.2.0530-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xxd-9.2.0530-160000.1.1.x86_64",
"product": {
"name": "xxd-9.2.0530-160000.1.1.x86_64",
"product_id": "xxd-9.2.0530-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0530-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64"
},
"product_reference": "gvim-9.2.0530-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0530-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le"
},
"product_reference": "gvim-9.2.0530-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0530-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x"
},
"product_reference": "gvim-9.2.0530-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0530-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64"
},
"product_reference": "gvim-9.2.0530-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0530-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64"
},
"product_reference": "vim-9.2.0530-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0530-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le"
},
"product_reference": "vim-9.2.0530-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0530-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x"
},
"product_reference": "vim-9.2.0530-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0530-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64"
},
"product_reference": "vim-9.2.0530-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0530-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch"
},
"product_reference": "vim-data-9.2.0530-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0530-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch"
},
"product_reference": "vim-data-common-9.2.0530-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0530-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64"
},
"product_reference": "vim-small-9.2.0530-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0530-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le"
},
"product_reference": "vim-small-9.2.0530-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0530-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x"
},
"product_reference": "vim-small-9.2.0530-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0530-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64"
},
"product_reference": "vim-small-9.2.0530-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0530-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64"
},
"product_reference": "xxd-9.2.0530-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0530-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le"
},
"product_reference": "xxd-9.2.0530-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0530-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x"
},
"product_reference": "xxd-9.2.0530-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0530-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
},
"product_reference": "xxd-9.2.0530-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39881"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim\u0027s netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39881",
"url": "https://www.suse.com/security/cve/CVE-2026-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1261833 for CVE-2026-39881",
"url": "https://bugzilla.suse.com/1261833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:40Z",
"details": "moderate"
}
],
"title": "CVE-2026-39881"
},
{
"cve": "CVE-2026-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42307"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42307",
"url": "https://www.suse.com/security/cve/CVE-2026-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1264706 for CVE-2026-42307",
"url": "https://bugzilla.suse.com/1264706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:40Z",
"details": "moderate"
}
],
"title": "CVE-2026-42307"
},
{
"cve": "CVE-2026-43961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43961"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43961",
"url": "https://www.suse.com/security/cve/CVE-2026-43961"
},
{
"category": "external",
"summary": "SUSE Bug 1265349 for CVE-2026-43961",
"url": "https://bugzilla.suse.com/1265349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:40Z",
"details": "moderate"
}
],
"title": "CVE-2026-43961"
},
{
"cve": "CVE-2026-44656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44656"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim\u0027s :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the path option lacks the P_SECURE flag, it can be set from a modeline, allowing an attacker who controls the contents of a file to execute arbitrary shell commands when the user opens that file in Vim and triggers :find completion. This issue has been patched in version 9.2.0435.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44656",
"url": "https://www.suse.com/security/cve/CVE-2026-44656"
},
{
"category": "external",
"summary": "SUSE Bug 1264707 for CVE-2026-44656",
"url": "https://bugzilla.suse.com/1264707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:40Z",
"details": "moderate"
}
],
"title": "CVE-2026-44656"
},
{
"cve": "CVE-2026-45130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45130"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file\u0027s compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the \u0027spelllang\u0027 option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45130",
"url": "https://www.suse.com/security/cve/CVE-2026-45130"
},
{
"category": "external",
"summary": "SUSE Bug 1264708 for CVE-2026-45130",
"url": "https://bugzilla.suse.com/1264708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:40Z",
"details": "moderate"
}
],
"title": "CVE-2026-45130"
},
{
"cve": "CVE-2026-46483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46483"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in\nruntime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user\u0027s context. This vulnerability is fixed in 9.2.0479.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46483",
"url": "https://www.suse.com/security/cve/CVE-2026-46483"
},
{
"category": "external",
"summary": "SUSE Bug 1265360 for CVE-2026-46483",
"url": "https://bugzilla.suse.com/1265360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:gvim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:vim-data-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-data-common-9.2.0530-160000.1.1.noarch",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:vim-small-9.2.0530-160000.1.1.x86_64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.aarch64",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.ppc64le",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.s390x",
"openSUSE Leap 16.0:xxd-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:40Z",
"details": "important"
}
],
"title": "CVE-2026-46483"
}
]
}
SUSE-SU-2026:21840-1
Vulnerability from csaf_suse - Published: 2026-05-28 12:13 - Updated: 2026-05-28 12:13
Summary
Security update for vim
Severity
Important
Notes
Title of the patch: Security update for vim
Description of the patch: This update for vim fixes the following issues
- CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833).
- CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin
bundled with Vim (bsc#1264706).
- CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename (bsc#1265349).
- CVE-2026-44656: Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line
completion (bsc#1264707).
- CVE-2026-45130: Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when
loading a crafted spell file (.spl) with UTF-8 encoding active (bsc#1264708).
- CVE-2026-46483: command injection via `tar#Vimuntar()` in `runtime/autoload/tar.vim` when decompressing `.tgz`
archives on Unix-like systems (bsc#1265360).
Changes for vim:
- Update to v9.2.0530.
- Fix for incorrectly detecting scientific parameter files as bitbake recipes. (bsc#1262395)
Patchnames: SUSE-SL-Micro-6.2-817
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues\n\n- CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833).\n- CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin\n bundled with Vim (bsc#1264706).\n- CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename (bsc#1265349).\n- CVE-2026-44656: Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim\u0027s: find command-line\n completion (bsc#1264707).\n- CVE-2026-45130: Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when\n loading a crafted spell file (.spl) with UTF-8 encoding active (bsc#1264708).\n- CVE-2026-46483: command injection via ` tar#Vimuntar()` in `runtime/autoload/tar.vim` when decompressing `.tgz`\n archives on Unix-like systems (bsc#1265360).\n\nChanges for vim:\n\n- Update to v9.2.0530.\n- Fix for incorrectly detecting scientific parameter files as bitbake recipies. (bsc#1262395)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-817",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21840-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21840-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621840-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21840-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026385.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261833",
"url": "https://bugzilla.suse.com/1261833"
},
{
"category": "self",
"summary": "SUSE Bug 1262395",
"url": "https://bugzilla.suse.com/1262395"
},
{
"category": "self",
"summary": "SUSE Bug 1264706",
"url": "https://bugzilla.suse.com/1264706"
},
{
"category": "self",
"summary": "SUSE Bug 1264707",
"url": "https://bugzilla.suse.com/1264707"
},
{
"category": "self",
"summary": "SUSE Bug 1264708",
"url": "https://bugzilla.suse.com/1264708"
},
{
"category": "self",
"summary": "SUSE Bug 1265349",
"url": "https://bugzilla.suse.com/1265349"
},
{
"category": "self",
"summary": "SUSE Bug 1265360",
"url": "https://bugzilla.suse.com/1265360"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43961 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44656 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45130 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46483 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46483/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2026-05-28T12:13:46Z",
"generator": {
"date": "2026-05-28T12:13:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21840-1",
"initial_release_date": "2026-05-28T12:13:46Z",
"revision_history": [
{
"date": "2026-05-28T12:13:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0530-160000.1.1.aarch64",
"product": {
"name": "vim-small-9.2.0530-160000.1.1.aarch64",
"product_id": "vim-small-9.2.0530-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-common-9.2.0530-160000.1.1.noarch",
"product": {
"name": "vim-data-common-9.2.0530-160000.1.1.noarch",
"product_id": "vim-data-common-9.2.0530-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0530-160000.1.1.ppc64le",
"product": {
"name": "vim-small-9.2.0530-160000.1.1.ppc64le",
"product_id": "vim-small-9.2.0530-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0530-160000.1.1.s390x",
"product": {
"name": "vim-small-9.2.0530-160000.1.1.s390x",
"product_id": "vim-small-9.2.0530-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0530-160000.1.1.x86_64",
"product": {
"name": "vim-small-9.2.0530-160000.1.1.x86_64",
"product_id": "vim-small-9.2.0530-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0530-160000.1.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch"
},
"product_reference": "vim-data-common-9.2.0530-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0530-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64"
},
"product_reference": "vim-small-9.2.0530-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0530-160000.1.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le"
},
"product_reference": "vim-small-9.2.0530-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0530-160000.1.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x"
},
"product_reference": "vim-small-9.2.0530-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0530-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
},
"product_reference": "vim-small-9.2.0530-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39881"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim\u0027s netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39881",
"url": "https://www.suse.com/security/cve/CVE-2026-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1261833 for CVE-2026-39881",
"url": "https://bugzilla.suse.com/1261833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:46Z",
"details": "moderate"
}
],
"title": "CVE-2026-39881"
},
{
"cve": "CVE-2026-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42307"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42307",
"url": "https://www.suse.com/security/cve/CVE-2026-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1264706 for CVE-2026-42307",
"url": "https://bugzilla.suse.com/1264706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:46Z",
"details": "moderate"
}
],
"title": "CVE-2026-42307"
},
{
"cve": "CVE-2026-43961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43961"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43961",
"url": "https://www.suse.com/security/cve/CVE-2026-43961"
},
{
"category": "external",
"summary": "SUSE Bug 1265349 for CVE-2026-43961",
"url": "https://bugzilla.suse.com/1265349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:46Z",
"details": "moderate"
}
],
"title": "CVE-2026-43961"
},
{
"cve": "CVE-2026-44656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44656"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim\u0027s :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the path option lacks the P_SECURE flag, it can be set from a modeline, allowing an attacker who controls the contents of a file to execute arbitrary shell commands when the user opens that file in Vim and triggers :find completion. This issue has been patched in version 9.2.0435.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44656",
"url": "https://www.suse.com/security/cve/CVE-2026-44656"
},
{
"category": "external",
"summary": "SUSE Bug 1264707 for CVE-2026-44656",
"url": "https://bugzilla.suse.com/1264707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:46Z",
"details": "moderate"
}
],
"title": "CVE-2026-44656"
},
{
"cve": "CVE-2026-45130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45130"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file\u0027s compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the \u0027spelllang\u0027 option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45130",
"url": "https://www.suse.com/security/cve/CVE-2026-45130"
},
{
"category": "external",
"summary": "SUSE Bug 1264708 for CVE-2026-45130",
"url": "https://bugzilla.suse.com/1264708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:46Z",
"details": "moderate"
}
],
"title": "CVE-2026-45130"
},
{
"cve": "CVE-2026-46483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46483"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in\nruntime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user\u0027s context. This vulnerability is fixed in 9.2.0479.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46483",
"url": "https://www.suse.com/security/cve/CVE-2026-46483"
},
{
"category": "external",
"summary": "SUSE Bug 1265360 for CVE-2026-46483",
"url": "https://bugzilla.suse.com/1265360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0530-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0530-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:13:46Z",
"details": "important"
}
],
"title": "CVE-2026-46483"
}
]
}