Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-34982 (GCVE-0-2026-34982)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:16 – Updated: 2026-07-07 12:05- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-06T15:19:17.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:56:01.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus:9.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-06T15:16:48.809Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T12:05:05.602Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"name": "RHBZ#2455400",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30900"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11389"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19073"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11509"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33453"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34477"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28133"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28049"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28050"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11510"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19224"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36004"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30078"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30088"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21275"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:30900: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:11389: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19073: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:11509: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:33453: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:34477: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:34476: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:28133: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:28049: Red Hat Enterprise Linux AppStream E4S (v.9.4), Red Hat Enterprise Linux BaseOS E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:28050: Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:11510: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19224: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:36004: Red Hat AI Inference Server 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:36005: Red Hat AI Inference Server 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:36006: Red Hat AI Inference Server 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:30078: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30089: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30088: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30087: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:22634: Red Hat Insights proxy 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:21275: Red Hat Update Infrastructure 5"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-06T16:02:10.004Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-06T15:16:48.809Z",
"value": "Made public."
}
],
"title": "vim: arbitrary command execution via modeline sandbox bypass",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\n\n~~~\nset nomodeline\n~~~"
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0276"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:16:48.809Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
},
{
"name": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.2.0276",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
}
],
"source": {
"advisory": "GHSA-8h6p-m6gr-mpw9",
"discovery": "UNKNOWN"
},
"title": "Vim modeline bypass via various options affects Vim \u003c 9.2.0276"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34982",
"datePublished": "2026-04-06T15:16:48.809Z",
"dateReserved": "2026-03-31T19:38:31.617Z",
"dateUpdated": "2026-07-07T12:05:05.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-34982",
"date": "2026-07-10",
"epss": "0.0047",
"percentile": "0.37432"
},
"microsoft_vex": {
"current_release_date": "2026-04-09T01:02:34.000Z",
"cve": "CVE-2026-34982",
"id": "msrc_CVE-2026-34982",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"product_status:fixed": "1",
"product_status:known_affected": "2",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Vim modeline bypass via various options affects Vim \u003c 9.2.0276",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-34982.json",
"version": "2"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-34982\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-06T16:16:38.777\",\"lastModified\":\"2026-07-07T12:16:39.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"vim\",\"product\":\"vim\",\"versions\":[{\"version\":\"\u003c 9.2.0276\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS AUS (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_aus:8.4::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_aus:8.6::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS E4S (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:8.8::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS TUS (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_tus:8.8::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:9.2::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS E4S (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:9.4::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_eus:9.6::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Insights proxy 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:insights_proxy:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhui:5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.8},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.8}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-06T00:00:00+00:00\",\"id\":\"CVE-2026-34982\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.0276\",\"matchCriteriaId\":\"B64DB9F0-F10B-40FA-A094-9178E5991FFF\"}]}]}],\"references\":[{\"url\":\"https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vim/vim/releases/tag/v9.2.0276\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/04/01/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11389\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11509\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11510\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19073\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19224\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21275\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22634\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28049\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28050\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28133\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30078\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30087\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30088\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30089\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30900\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33453\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34476\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34477\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36004\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36005\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36006\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-34982\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2455400\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-06T19:09:46+00:00",
"cve": "CVE-2026-34982",
"id": "CVE-2026-34982",
"initial_release_date": "2026-04-06T15:16:48.809000+00:00",
"product_status:fixed": "641",
"product_status:known_affected": "13",
"product_status:known_not_affected": "111",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "vim: arbitrary command execution via modeline sandbox bypass",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/04/01/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-04-06T15:19:17.901Z\"}}, {\"title\": \"vim: arbitrary command execution via modeline sandbox bypass\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\", \"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\", \"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS AUS (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS AUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS E4S (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS TUS (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS E4S (v.9.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:9.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS E4S (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:9.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:insights_proxy:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Insights proxy 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhui:5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Update Infrastructure 5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-06T16:02:10.004Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-04-06T15:16:48.809Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:30900: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11389: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19073: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11509: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33453: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34477: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34476: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28133: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28049: Red Hat Enterprise Linux AppStream E4S (v.9.4), Red Hat Enterprise Linux BaseOS E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28050: Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11510: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19224: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36004: Red Hat AI Inference Server 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36005: Red Hat AI Inference Server 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36006: Red Hat AI Inference Server 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30078: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30089: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30088: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30087: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22634: Red Hat Insights proxy 1.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21275: Red Hat Update Infrastructure 5\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-04-06T15:16:48.809Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-34982\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2455400\", \"name\": \"RHBZ#2455400\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30900\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11389\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19073\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11509\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33453\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34477\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34476\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28133\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28049\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28050\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11510\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19224\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36004\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36005\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36006\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30078\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30089\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30088\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30087\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22634\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21275\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\\n\\n~~~\\nset nomodeline\\n~~~\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-07T12:05:05.602Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-34982\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-06T15:33:37.790133Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-06T15:33:40.983Z\"}}], \"cna\": {\"title\": \"Vim modeline bypass via various options affects Vim \u003c 9.2.0276\", \"source\": {\"advisory\": \"GHSA-8h6p-m6gr-mpw9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"vim\", \"product\": \"vim\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 9.2.0276\"}]}], \"references\": [{\"url\": \"https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9\", \"name\": \"https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615\", \"name\": \"https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vim/vim/releases/tag/v9.2.0276\", \"name\": \"https://github.com/vim/vim/releases/tag/v9.2.0276\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-06T15:16:48.809Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-34982\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-07T12:05:05.602Z\", \"dateReserved\": \"2026-03-31T19:38:31.617Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-06T15:16:48.809Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:36005
Vulnerability from csaf_redhat - Published: 2026-07-06 16:43 - Updated: 2026-07-08 06:40A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large 'n' parameter to the vLLM OpenAI-compatible API server. This can lead to a Denial of Service (DoS) by consuming excessive memory and blocking the system's event loop, causing the server to crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the server when vLLM runs in Python optimized mode.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette's trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API without requiring the configured VLLM_API_KEY or --api-key, leading to critical unauthorized operations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). The temperature validation gates, which use comparison operators, incorrectly handle Not-a-Number (NaN) and positive Infinity values in Python's IEEE 754 float semantics. These invalid values can bypass validation and propagate to GPU sampling kernels, leading to undefined behavior or CUDA errors that can crash the inference worker. This could allow an attacker to cause a Denial of Service (DoS) by providing specially crafted input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.2 (CUDA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36005",
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26740",
"url": "https://access.redhat.com/security/cve/CVE-2026-26740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33845",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33846",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34755",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34756",
"url": "https://access.redhat.com/security/cve/CVE-2026-34756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34982",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41523",
"url": "https://access.redhat.com/security/cve/CVE-2026-41523"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42009",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42010",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48746",
"url": "https://access.redhat.com/security/cve/CVE-2026-48746"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-54235",
"url": "https://access.redhat.com/security/cve/CVE-2026-54235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-54283",
"url": "https://access.redhat.com/security/cve/CVE-2026-54283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36005.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA)",
"tracking": {
"current_release_date": "2026-07-08T06:40:54+00:00",
"generator": {
"date": "2026-07-08T06:40:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36005",
"initial_release_date": "2026-07-06T16:43:22+00:00",
"revision_history": [
{
"date": "2026-07-06T16:43:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T16:43:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T06:40:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis/vllm-cuda-rhel9\u0026tag=1782951012"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis/vllm-cuda-rhel9\u0026tag=1782951012"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26740",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-03-18T19:01:41.415027+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448747"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The openjdk-headless packages do not include java.desktop, which is the only code that uses giflib. Therefore, headless-only environments are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26740"
},
{
"category": "external",
"summary": "RHBZ#2448747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740"
},
{
"category": "external",
"summary": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md",
"url": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension"
},
{
"cve": "CVE-2026-33845",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-03-24T05:35:59.740000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue marked as Important severity due to its remote, pre-authentication reachability and its impact on a critical DTLS handshake parsing path. The vulnerability can be triggered by an unauthenticated attacker sending crafted DTLS handshake fragments, requiring no prior access or interaction. It leads to an out-of-bounds read caused by an integer underflow in fragment reassembly, operating entirely on attacker-controlled input. Such flaws in low-level protocol parsing are particularly serious, as they may result in disclosure of sensitive process memory, including cryptographic or session-related data, and can also cause reliable application crashes leading to denial of service. Given that DTLS is commonly used in network-facing services such as VPNs and real-time communication systems, the exposure surface is broad. The combination of unauthenticated remote exploitation, memory safety violation, and potential confidentiality and availability impact justifies classifying this issue as high severity rather than moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "RHBZ#2450624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
}
],
"release_date": "2026-04-30T17:28:41.473000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment"
},
{
"cve": "CVE-2026-33846",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-03-24T05:38:09.899000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450625"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability should be classified as an important flaw rather than moderate because it exposes a pre-authentication, remotely reachable heap buffer overflow in the DTLS handshake processing path, which is part of the core protocol handling logic and commonly exposed in network-facing services. The flaw enables an attacker to inject controlled data at attacker-chosen offsets and sizes beyond allocated heap boundaries by exploiting inconsistent message_length handling across fragments, effectively creating a constrained but meaningful heap write primitive. Unlike benign memory safety bugs, this condition is deterministically triggerable with a small number of crafted packets and no environmental dependencies for denial-of-service, and it targets a long-lived parsing state where memory corruption can affect adjacent heap structures. Even if reliable code execution requires additional heap manipulation or layout knowledge, the combination of remote reachability, lack of authentication, controlled memory corruption capability, and trivial crashability significantly elevates the risk profile beyond moderate severity. In real-world deployments, such primitives are often sufficient to enable heap grooming and exploitation chains, particularly in services that repeatedly process attacker-controlled input, making this a materially important security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "RHBZ#2450625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
}
],
"release_date": "2026-05-04T08:53:59.249000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly"
},
{
"cve": "CVE-2026-34755",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-06T16:02:21.718949+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Denial of Service due to excessive video frame processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"category": "external",
"summary": "RHBZ#2455403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34755"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
}
],
"release_date": "2026-04-06T15:38:53.201000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vLLM: vLLM: Denial of Service due to excessive video frame processing"
},
{
"cve": "CVE-2026-34756",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-04-06T16:03:45.222577+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455425"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large \u0027n\u0027 parameter to the vLLM OpenAI-compatible API server. This can lead to a Denial of Service (DoS) by consuming excessive memory and blocking the system\u0027s event loop, causing the server to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service via excessively large \u0027n\u0027 parameter in OpenAI-compatible API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34756"
},
{
"category": "external",
"summary": "RHBZ#2455425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34756",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380",
"url": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/37952",
"url": "https://github.com/vllm-project/vllm/pull/37952"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528"
}
],
"release_date": "2026-04-06T15:40:03.448000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Denial of Service via excessively large \u0027n\u0027 parameter in OpenAI-compatible API"
},
{
"cve": "CVE-2026-34982",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-06T16:02:10.004743+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455400"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: arbitrary command execution via modeline sandbox bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, an attacker needs to convince a user to open a specially crafted file. The arbitrary OS command execution is restricted to the privileges of the user running Vim, limiting the potential of a full system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "RHBZ#2455400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/01/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
"url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0276",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
"url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
}
],
"release_date": "2026-04-06T15:16:48.809000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\n\n~~~\nset nomodeline\n~~~",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vim: arbitrary command execution via modeline sandbox bypass"
},
{
"cve": "CVE-2026-41523",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-06-22T23:01:00.799590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the server when vLLM runs in Python optimized mode.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Arbitrary code execution via malicious HuggingFace model",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this issue as having Important impact for Red Hat AI Inference Server and Red Hat OpenShift AI vLLM serving images, and Moderate impact for Red Hat Enterprise Linux AI bootc images that bundle vLLM. Exploitation requires loading an untrusted HuggingFace cross-encoder model while the vLLM process runs with Python optimized mode (python -O or PYTHONOPTIMIZE=1). Red Hat AI Inference Server 3.2/3.3 images and other components without the vulnerable pooler activation loader (vLLM \u003c 0.14.0) are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41523"
},
{
"category": "external",
"summary": "RHBZ#2491582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41523",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41523"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41523",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41523"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/b3c7ffcab82c2439726f8cb213800f6f38c023d3",
"url": "https://github.com/vllm-project/vllm/commit/b3c7ffcab82c2439726f8cb213800f6f38c023d3"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-q8gq-377p-jq3r",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-q8gq-377p-jq3r"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c",
"url": "https://huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c"
}
],
"release_date": "2026-06-22T22:18:14.494000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Avoid running vLLM with python -O or PYTHONOPTIMIZE=1 until updated packages are available. Only load models from trusted sources. Restrict who can deploy or update models on inference endpoints. Apply network access controls and authentication in front of vLLM APIs.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Arbitrary code execution via malicious HuggingFace model"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42009",
"cwe": {
"id": "CWE-475",
"name": "Undefined Behavior for Input to API"
},
"discovery_date": "2026-05-06T16:32:32.382000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467279"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw has been downgraded on Red Hat Enterprise Linux due to the following reason:\n\n- The number of elements passed to the vulnerable function at runtime is known and is at most 6 and the element size is sufficiently small. glibc\u2019s qsort implementation will not exercise the quick sort code path, which would otherwise cause an infloop or out-of-bound write.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "RHBZ#2467279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42010",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-05-06T16:57:37.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467289"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Authentication Bypass via NUL Character in Username",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "RHBZ#2467289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Authentication Bypass via NUL Character in Username"
},
{
"cve": "CVE-2026-48746",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"discovery_date": "2026-06-22T23:00:57.824402+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491581"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette\u0027s trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API without requiring the configured VLLM_API_KEY or --api-key, leading to critical unauthorized operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2026-48746 is an authentication bypass in the vLLM OpenAI-compatible API server. A remote attacker who can reach the vLLM endpoint directly can craft a Host header so the authentication middleware checks a different URL path than the one actually dispatched, bypassing VLLM_API_KEY / --api-key protection. Successful exploitation allows unauthorized inference API access, which can result in confidentiality loss (model/prompt abuse) and availability impact (resource exhaustion). The flaw does not provide integrity compromise or arbitrary code execution. Exploitation requires vLLM API-key authentication to be enabled and the service to be exposed without an RFC-conforming reverse proxy that normalizes the Host header. Because Red Hat AI inference offerings are commonly deployed behind OpenShift Routes or similar proxies, and because the vulnerability is conditional on deployment and configuration, the overall flaw impact is rated Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48746"
},
{
"category": "external",
"summary": "RHBZ#2491581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491581"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48746",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48746"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/43426",
"url": "https://github.com/vllm-project/vllm/pull/43426"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6"
},
{
"category": "external",
"summary": "https://x41-dsec.de/lab/advisories/x41-2026-002-starlette",
"url": "https://x41-dsec.de/lab/advisories/x41-2026-002-starlette"
}
],
"release_date": "2026-06-22T21:57:28.997000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Restrict network access to the vLLM API endpoint to only trusted clients and internal networks. Implement firewall rules or network policies to limit inbound connections to the vLLM service, thereby reducing the attack surface. This operational control helps prevent unauthorized external access to the vulnerable API.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access"
},
{
"cve": "CVE-2026-54235",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-06-22T23:01:07.102249+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). The temperature validation gates, which use comparison operators, incorrectly handle Not-a-Number (NaN) and positive Infinity values in Python\u0027s IEEE 754 float semantics. These invalid values can bypass validation and propagate to GPU sampling kernels, leading to undefined behavior or CUDA errors that can crash the inference worker. This could allow an attacker to cause a Denial of Service (DoS) by providing specially crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service due to improper floating-point validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact flaw in vLLM, as used in Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI, allows for a denial of service. Improper validation of floating-point values like Not-a-Number (NaN) or positive Infinity in temperature parameters can bypass security checks, leading to undefined behavior or CUDA errors that crash the inference worker. This could be exploited by providing specially crafted input to the LLM inference engine.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54235"
},
{
"category": "external",
"summary": "RHBZ#2491584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54235"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198",
"url": "https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/45116",
"url": "https://github.com/vllm-project/vllm/pull/45116"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823"
}
],
"release_date": "2026-06-22T21:59:02.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM: Denial of Service due to improper floating-point validation"
},
{
"cve": "CVE-2026-54283",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-22T18:01:06.194658+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491440"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion. This only affects applications that explicitly call request.form() on urlencoded input; JSON-only APIs and services where Starlette is a transitive dependency not used for form parsing are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54283"
},
{
"category": "external",
"summary": "RHBZ#2491440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54283"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq"
}
],
"release_date": "2026-06-22T16:46:16.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS"
}
]
}
RHSA-2026:36006
Vulnerability from csaf_redhat - Published: 2026-07-06 16:44 - Updated: 2026-07-08 06:40A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large 'n' parameter to the vLLM OpenAI-compatible API server. This can lead to a Denial of Service (DoS) by consuming excessive memory and blocking the system's event loop, causing the server to crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the server when vLLM runs in Python optimized mode.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette's trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API without requiring the configured VLLM_API_KEY or --api-key, leading to critical unauthorized operations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). The temperature validation gates, which use comparison operators, incorrectly handle Not-a-Number (NaN) and positive Infinity values in Python's IEEE 754 float semantics. These invalid values can bypass validation and propagate to GPU sampling kernels, leading to undefined behavior or CUDA errors that can crash the inference worker. This could allow an attacker to cause a Denial of Service (DoS) by providing specially crafted input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.2 (ROCm) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36006",
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26740",
"url": "https://access.redhat.com/security/cve/CVE-2026-26740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33845",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33846",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34755",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34756",
"url": "https://access.redhat.com/security/cve/CVE-2026-34756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34982",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41523",
"url": "https://access.redhat.com/security/cve/CVE-2026-41523"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42009",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42010",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48746",
"url": "https://access.redhat.com/security/cve/CVE-2026-48746"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-54235",
"url": "https://access.redhat.com/security/cve/CVE-2026-54235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-54283",
"url": "https://access.redhat.com/security/cve/CVE-2026-54283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36006.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (ROCm)",
"tracking": {
"current_release_date": "2026-07-08T06:40:54+00:00",
"generator": {
"date": "2026-07-08T06:40:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36006",
"initial_release_date": "2026-07-06T16:44:03+00:00",
"revision_history": [
{
"date": "2026-07-06T16:44:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T16:44:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T06:40:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-rocm-rhel9@sha256%3A7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis/vllm-rocm-rhel9\u0026tag=1782951244"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26740",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-03-18T19:01:41.415027+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448747"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The openjdk-headless packages do not include java.desktop, which is the only code that uses giflib. Therefore, headless-only environments are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26740"
},
{
"category": "external",
"summary": "RHBZ#2448747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740"
},
{
"category": "external",
"summary": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md",
"url": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension"
},
{
"cve": "CVE-2026-33845",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-03-24T05:35:59.740000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue marked as Important severity due to its remote, pre-authentication reachability and its impact on a critical DTLS handshake parsing path. The vulnerability can be triggered by an unauthenticated attacker sending crafted DTLS handshake fragments, requiring no prior access or interaction. It leads to an out-of-bounds read caused by an integer underflow in fragment reassembly, operating entirely on attacker-controlled input. Such flaws in low-level protocol parsing are particularly serious, as they may result in disclosure of sensitive process memory, including cryptographic or session-related data, and can also cause reliable application crashes leading to denial of service. Given that DTLS is commonly used in network-facing services such as VPNs and real-time communication systems, the exposure surface is broad. The combination of unauthenticated remote exploitation, memory safety violation, and potential confidentiality and availability impact justifies classifying this issue as high severity rather than moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "RHBZ#2450624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
}
],
"release_date": "2026-04-30T17:28:41.473000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment"
},
{
"cve": "CVE-2026-33846",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-03-24T05:38:09.899000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450625"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability should be classified as an important flaw rather than moderate because it exposes a pre-authentication, remotely reachable heap buffer overflow in the DTLS handshake processing path, which is part of the core protocol handling logic and commonly exposed in network-facing services. The flaw enables an attacker to inject controlled data at attacker-chosen offsets and sizes beyond allocated heap boundaries by exploiting inconsistent message_length handling across fragments, effectively creating a constrained but meaningful heap write primitive. Unlike benign memory safety bugs, this condition is deterministically triggerable with a small number of crafted packets and no environmental dependencies for denial-of-service, and it targets a long-lived parsing state where memory corruption can affect adjacent heap structures. Even if reliable code execution requires additional heap manipulation or layout knowledge, the combination of remote reachability, lack of authentication, controlled memory corruption capability, and trivial crashability significantly elevates the risk profile beyond moderate severity. In real-world deployments, such primitives are often sufficient to enable heap grooming and exploitation chains, particularly in services that repeatedly process attacker-controlled input, making this a materially important security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "RHBZ#2450625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
}
],
"release_date": "2026-05-04T08:53:59.249000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly"
},
{
"cve": "CVE-2026-34755",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-06T16:02:21.718949+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Denial of Service due to excessive video frame processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"category": "external",
"summary": "RHBZ#2455403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34755"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
}
],
"release_date": "2026-04-06T15:38:53.201000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vLLM: vLLM: Denial of Service due to excessive video frame processing"
},
{
"cve": "CVE-2026-34756",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-04-06T16:03:45.222577+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455425"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large \u0027n\u0027 parameter to the vLLM OpenAI-compatible API server. This can lead to a Denial of Service (DoS) by consuming excessive memory and blocking the system\u0027s event loop, causing the server to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service via excessively large \u0027n\u0027 parameter in OpenAI-compatible API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34756"
},
{
"category": "external",
"summary": "RHBZ#2455425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34756",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380",
"url": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/37952",
"url": "https://github.com/vllm-project/vllm/pull/37952"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528"
}
],
"release_date": "2026-04-06T15:40:03.448000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Denial of Service via excessively large \u0027n\u0027 parameter in OpenAI-compatible API"
},
{
"cve": "CVE-2026-34982",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-06T16:02:10.004743+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455400"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: arbitrary command execution via modeline sandbox bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, an attacker needs to convince a user to open a specially crafted file. The arbitrary OS command execution is restricted to the privileges of the user running Vim, limiting the potential of a full system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "RHBZ#2455400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/01/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
"url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0276",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
"url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
}
],
"release_date": "2026-04-06T15:16:48.809000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\n\n~~~\nset nomodeline\n~~~",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vim: arbitrary command execution via modeline sandbox bypass"
},
{
"cve": "CVE-2026-41523",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-06-22T23:01:00.799590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the server when vLLM runs in Python optimized mode.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Arbitrary code execution via malicious HuggingFace model",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this issue as having Important impact for Red Hat AI Inference Server and Red Hat OpenShift AI vLLM serving images, and Moderate impact for Red Hat Enterprise Linux AI bootc images that bundle vLLM. Exploitation requires loading an untrusted HuggingFace cross-encoder model while the vLLM process runs with Python optimized mode (python -O or PYTHONOPTIMIZE=1). Red Hat AI Inference Server 3.2/3.3 images and other components without the vulnerable pooler activation loader (vLLM \u003c 0.14.0) are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41523"
},
{
"category": "external",
"summary": "RHBZ#2491582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41523",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41523"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41523",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41523"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/b3c7ffcab82c2439726f8cb213800f6f38c023d3",
"url": "https://github.com/vllm-project/vllm/commit/b3c7ffcab82c2439726f8cb213800f6f38c023d3"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-q8gq-377p-jq3r",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-q8gq-377p-jq3r"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c",
"url": "https://huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c"
}
],
"release_date": "2026-06-22T22:18:14.494000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Avoid running vLLM with python -O or PYTHONOPTIMIZE=1 until updated packages are available. Only load models from trusted sources. Restrict who can deploy or update models on inference endpoints. Apply network access controls and authentication in front of vLLM APIs.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Arbitrary code execution via malicious HuggingFace model"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42009",
"cwe": {
"id": "CWE-475",
"name": "Undefined Behavior for Input to API"
},
"discovery_date": "2026-05-06T16:32:32.382000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467279"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw has been downgraded on Red Hat Enterprise Linux due to the following reason:\n\n- The number of elements passed to the vulnerable function at runtime is known and is at most 6 and the element size is sufficiently small. glibc\u2019s qsort implementation will not exercise the quick sort code path, which would otherwise cause an infloop or out-of-bound write.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "RHBZ#2467279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42010",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-05-06T16:57:37.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467289"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Authentication Bypass via NUL Character in Username",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "RHBZ#2467289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Authentication Bypass via NUL Character in Username"
},
{
"cve": "CVE-2026-48746",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"discovery_date": "2026-06-22T23:00:57.824402+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491581"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette\u0027s trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API without requiring the configured VLLM_API_KEY or --api-key, leading to critical unauthorized operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2026-48746 is an authentication bypass in the vLLM OpenAI-compatible API server. A remote attacker who can reach the vLLM endpoint directly can craft a Host header so the authentication middleware checks a different URL path than the one actually dispatched, bypassing VLLM_API_KEY / --api-key protection. Successful exploitation allows unauthorized inference API access, which can result in confidentiality loss (model/prompt abuse) and availability impact (resource exhaustion). The flaw does not provide integrity compromise or arbitrary code execution. Exploitation requires vLLM API-key authentication to be enabled and the service to be exposed without an RFC-conforming reverse proxy that normalizes the Host header. Because Red Hat AI inference offerings are commonly deployed behind OpenShift Routes or similar proxies, and because the vulnerability is conditional on deployment and configuration, the overall flaw impact is rated Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48746"
},
{
"category": "external",
"summary": "RHBZ#2491581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491581"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48746",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48746"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/43426",
"url": "https://github.com/vllm-project/vllm/pull/43426"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6"
},
{
"category": "external",
"summary": "https://x41-dsec.de/lab/advisories/x41-2026-002-starlette",
"url": "https://x41-dsec.de/lab/advisories/x41-2026-002-starlette"
}
],
"release_date": "2026-06-22T21:57:28.997000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Restrict network access to the vLLM API endpoint to only trusted clients and internal networks. Implement firewall rules or network policies to limit inbound connections to the vLLM service, thereby reducing the attack surface. This operational control helps prevent unauthorized external access to the vulnerable API.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access"
},
{
"cve": "CVE-2026-54235",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-06-22T23:01:07.102249+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). The temperature validation gates, which use comparison operators, incorrectly handle Not-a-Number (NaN) and positive Infinity values in Python\u0027s IEEE 754 float semantics. These invalid values can bypass validation and propagate to GPU sampling kernels, leading to undefined behavior or CUDA errors that can crash the inference worker. This could allow an attacker to cause a Denial of Service (DoS) by providing specially crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service due to improper floating-point validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact flaw in vLLM, as used in Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI, allows for a denial of service. Improper validation of floating-point values like Not-a-Number (NaN) or positive Infinity in temperature parameters can bypass security checks, leading to undefined behavior or CUDA errors that crash the inference worker. This could be exploited by providing specially crafted input to the LLM inference engine.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54235"
},
{
"category": "external",
"summary": "RHBZ#2491584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54235"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198",
"url": "https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/45116",
"url": "https://github.com/vllm-project/vllm/pull/45116"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823"
}
],
"release_date": "2026-06-22T21:59:02.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM: Denial of Service due to improper floating-point validation"
},
{
"cve": "CVE-2026-54283",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-22T18:01:06.194658+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491440"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion. This only affects applications that explicitly call request.form() on urlencoded input; JSON-only APIs and services where Starlette is a transitive dependency not used for form parsing are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54283"
},
{
"category": "external",
"summary": "RHBZ#2491440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54283"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq"
}
],
"release_date": "2026-06-22T16:46:16.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS"
}
]
}
SUSE-SU-2026:1347-1
Vulnerability from csaf_suse - Published: 2026-04-15 12:26 - Updated: 2026-04-15 12:26| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nUpdate to version 9.2.0280.\n\n- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command\n execution (bsc#1261271).\n- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution\n (bsc#1261191).\n- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to\n arbitrary code execution (bsc#1259985).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1347,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1347,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1347",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1347-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1347-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261347-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1347-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045569.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259985",
"url": "https://bugzilla.suse.com/1259985"
},
{
"category": "self",
"summary": "SUSE Bug 1261191",
"url": "https://bugzilla.suse.com/1261191"
},
{
"category": "self",
"summary": "SUSE Bug 1261271",
"url": "https://bugzilla.suse.com/1261271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34982 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34982/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2026-04-15T12:26:44Z",
"generator": {
"date": "2026-04-15T12:26:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1347-1",
"initial_release_date": "2026-04-15T12:26:44Z",
"revision_history": [
{
"date": "2026-04-15T12:26:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-17.62.1.aarch64",
"product": {
"name": "gvim-9.2.0280-17.62.1.aarch64",
"product_id": "gvim-9.2.0280-17.62.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-17.62.1.aarch64",
"product": {
"name": "vim-9.2.0280-17.62.1.aarch64",
"product_id": "vim-9.2.0280-17.62.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-17.62.1.aarch64",
"product": {
"name": "vim-small-9.2.0280-17.62.1.aarch64",
"product_id": "vim-small-9.2.0280-17.62.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-17.62.1.i586",
"product": {
"name": "gvim-9.2.0280-17.62.1.i586",
"product_id": "gvim-9.2.0280-17.62.1.i586"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-17.62.1.i586",
"product": {
"name": "vim-9.2.0280-17.62.1.i586",
"product_id": "vim-9.2.0280-17.62.1.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-17.62.1.i586",
"product": {
"name": "vim-small-9.2.0280-17.62.1.i586",
"product_id": "vim-small-9.2.0280-17.62.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.2.0280-17.62.1.noarch",
"product": {
"name": "vim-data-9.2.0280-17.62.1.noarch",
"product_id": "vim-data-9.2.0280-17.62.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.2.0280-17.62.1.noarch",
"product": {
"name": "vim-data-common-9.2.0280-17.62.1.noarch",
"product_id": "vim-data-common-9.2.0280-17.62.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-17.62.1.ppc64le",
"product": {
"name": "gvim-9.2.0280-17.62.1.ppc64le",
"product_id": "gvim-9.2.0280-17.62.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-17.62.1.ppc64le",
"product": {
"name": "vim-9.2.0280-17.62.1.ppc64le",
"product_id": "vim-9.2.0280-17.62.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-17.62.1.ppc64le",
"product": {
"name": "vim-small-9.2.0280-17.62.1.ppc64le",
"product_id": "vim-small-9.2.0280-17.62.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-17.62.1.s390x",
"product": {
"name": "gvim-9.2.0280-17.62.1.s390x",
"product_id": "gvim-9.2.0280-17.62.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-17.62.1.s390x",
"product": {
"name": "vim-9.2.0280-17.62.1.s390x",
"product_id": "vim-9.2.0280-17.62.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-17.62.1.s390x",
"product": {
"name": "vim-small-9.2.0280-17.62.1.s390x",
"product_id": "vim-small-9.2.0280-17.62.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-17.62.1.x86_64",
"product": {
"name": "gvim-9.2.0280-17.62.1.x86_64",
"product_id": "gvim-9.2.0280-17.62.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-17.62.1.x86_64",
"product": {
"name": "vim-9.2.0280-17.62.1.x86_64",
"product_id": "vim-9.2.0280-17.62.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-17.62.1.x86_64",
"product": {
"name": "vim-small-9.2.0280-17.62.1.x86_64",
"product_id": "vim-small-9.2.0280-17.62.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-17.62.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64"
},
"product_reference": "gvim-9.2.0280-17.62.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-17.62.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-17.62.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-17.62.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x"
},
"product_reference": "gvim-9.2.0280-17.62.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-17.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64"
},
"product_reference": "gvim-9.2.0280-17.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-17.62.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64"
},
"product_reference": "vim-9.2.0280-17.62.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-17.62.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le"
},
"product_reference": "vim-9.2.0280-17.62.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-17.62.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x"
},
"product_reference": "vim-9.2.0280-17.62.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-17.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64"
},
"product_reference": "vim-9.2.0280-17.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-17.62.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch"
},
"product_reference": "vim-data-9.2.0280-17.62.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-17.62.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-17.62.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-17.62.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64"
},
"product_reference": "gvim-9.2.0280-17.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-17.62.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64"
},
"product_reference": "vim-9.2.0280-17.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-17.62.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch"
},
"product_reference": "vim-data-9.2.0280-17.62.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-17.62.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-17.62.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33412"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim\u0027s glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user\u0027s \u0027shell\u0027 setting. This issue has been patched in version 9.2.0202.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33412",
"url": "https://www.suse.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "SUSE Bug 1259985 for CVE-2026-33412",
"url": "https://bugzilla.suse.com/1259985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T12:26:44Z",
"details": "moderate"
}
],
"title": "CVE-2026-33412"
},
{
"cve": "CVE-2026-34714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34714"
}
],
"notes": [
{
"category": "general",
"text": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34714",
"url": "https://www.suse.com/security/cve/CVE-2026-34714"
},
{
"category": "external",
"summary": "SUSE Bug 1261191 for CVE-2026-34714",
"url": "https://bugzilla.suse.com/1261191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T12:26:44Z",
"details": "important"
}
],
"title": "CVE-2026-34714"
},
{
"cve": "CVE-2026-34982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34982"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34982",
"url": "https://www.suse.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "SUSE Bug 1261271 for CVE-2026-34982",
"url": "https://bugzilla.suse.com/1261271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:vim-data-common-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.2.0280-17.62.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.2.0280-17.62.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.2.0280-17.62.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T12:26:44Z",
"details": "important"
}
],
"title": "CVE-2026-34982"
}
]
}
SUSE-SU-2026:1387-1
Vulnerability from csaf_suse - Published: 2026-04-16 09:17 - Updated: 2026-04-16 09:17| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nUpdate to version 9.2.0280.\n\n- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command\n execution (bsc#1261271).\n- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution\n (bsc#1261191).\n- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to\n arbitrary code execution (bsc#1259985).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1387,SUSE-SLE-Micro-5.3-2026-1387,SUSE-SLE-Micro-5.4-2026-1387,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1387,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1387,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1387,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1387,SUSE-SUSE-MicroOS-5.2-2026-1387",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1387-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1387-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261387-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1387-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045614.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259985",
"url": "https://bugzilla.suse.com/1259985"
},
{
"category": "self",
"summary": "SUSE Bug 1261191",
"url": "https://bugzilla.suse.com/1261191"
},
{
"category": "self",
"summary": "SUSE Bug 1261271",
"url": "https://bugzilla.suse.com/1261271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34982 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34982/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2026-04-16T09:17:53Z",
"generator": {
"date": "2026-04-16T09:17:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1387-1",
"initial_release_date": "2026-04-16T09:17:53Z",
"revision_history": [
{
"date": "2026-04-16T09:17:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150000.5.89.1.aarch64",
"product": {
"name": "gvim-9.2.0280-150000.5.89.1.aarch64",
"product_id": "gvim-9.2.0280-150000.5.89.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150000.5.89.1.aarch64",
"product": {
"name": "vim-9.2.0280-150000.5.89.1.aarch64",
"product_id": "vim-9.2.0280-150000.5.89.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150000.5.89.1.aarch64",
"product": {
"name": "vim-small-9.2.0280-150000.5.89.1.aarch64",
"product_id": "vim-small-9.2.0280-150000.5.89.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150000.5.89.1.i586",
"product": {
"name": "gvim-9.2.0280-150000.5.89.1.i586",
"product_id": "gvim-9.2.0280-150000.5.89.1.i586"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150000.5.89.1.i586",
"product": {
"name": "vim-9.2.0280-150000.5.89.1.i586",
"product_id": "vim-9.2.0280-150000.5.89.1.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150000.5.89.1.i586",
"product": {
"name": "vim-small-9.2.0280-150000.5.89.1.i586",
"product_id": "vim-small-9.2.0280-150000.5.89.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.2.0280-150000.5.89.1.noarch",
"product": {
"name": "vim-data-9.2.0280-150000.5.89.1.noarch",
"product_id": "vim-data-9.2.0280-150000.5.89.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.2.0280-150000.5.89.1.noarch",
"product": {
"name": "vim-data-common-9.2.0280-150000.5.89.1.noarch",
"product_id": "vim-data-common-9.2.0280-150000.5.89.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150000.5.89.1.ppc64le",
"product": {
"name": "gvim-9.2.0280-150000.5.89.1.ppc64le",
"product_id": "gvim-9.2.0280-150000.5.89.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150000.5.89.1.ppc64le",
"product": {
"name": "vim-9.2.0280-150000.5.89.1.ppc64le",
"product_id": "vim-9.2.0280-150000.5.89.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150000.5.89.1.ppc64le",
"product": {
"name": "vim-small-9.2.0280-150000.5.89.1.ppc64le",
"product_id": "vim-small-9.2.0280-150000.5.89.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150000.5.89.1.s390x",
"product": {
"name": "gvim-9.2.0280-150000.5.89.1.s390x",
"product_id": "gvim-9.2.0280-150000.5.89.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150000.5.89.1.s390x",
"product": {
"name": "vim-9.2.0280-150000.5.89.1.s390x",
"product_id": "vim-9.2.0280-150000.5.89.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150000.5.89.1.s390x",
"product": {
"name": "vim-small-9.2.0280-150000.5.89.1.s390x",
"product_id": "vim-small-9.2.0280-150000.5.89.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150000.5.89.1.x86_64",
"product": {
"name": "gvim-9.2.0280-150000.5.89.1.x86_64",
"product_id": "gvim-9.2.0280-150000.5.89.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150000.5.89.1.x86_64",
"product": {
"name": "vim-9.2.0280-150000.5.89.1.x86_64",
"product_id": "vim-9.2.0280-150000.5.89.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150000.5.89.1.x86_64",
"product": {
"name": "vim-small-9.2.0280-150000.5.89.1.x86_64",
"product_id": "vim-small-9.2.0280-150000.5.89.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150000.5.89.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150000.5.89.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150000.5.89.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150000.5.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33412"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim\u0027s glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user\u0027s \u0027shell\u0027 setting. This issue has been patched in version 9.2.0202.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33412",
"url": "https://www.suse.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "SUSE Bug 1259985 for CVE-2026-33412",
"url": "https://bugzilla.suse.com/1259985"
},
{
"category": "external",
"summary": "SUSE Bug 1262591 for CVE-2026-33412",
"url": "https://bugzilla.suse.com/1262591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-16T09:17:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-33412"
},
{
"cve": "CVE-2026-34714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34714"
}
],
"notes": [
{
"category": "general",
"text": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34714",
"url": "https://www.suse.com/security/cve/CVE-2026-34714"
},
{
"category": "external",
"summary": "SUSE Bug 1261191 for CVE-2026-34714",
"url": "https://bugzilla.suse.com/1261191"
},
{
"category": "external",
"summary": "SUSE Bug 1262396 for CVE-2026-34714",
"url": "https://bugzilla.suse.com/1262396"
},
{
"category": "external",
"summary": "SUSE Bug 1264728 for CVE-2026-34714",
"url": "https://bugzilla.suse.com/1264728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-16T09:17:53Z",
"details": "important"
}
],
"title": "CVE-2026-34714"
},
{
"cve": "CVE-2026-34982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34982"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34982",
"url": "https://www.suse.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "SUSE Bug 1261271 for CVE-2026-34982",
"url": "https://bugzilla.suse.com/1261271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:vim-small-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:gvim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-9.2.0280-150000.5.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-data-common-9.2.0280-150000.5.89.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:vim-small-9.2.0280-150000.5.89.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-16T09:17:53Z",
"details": "important"
}
],
"title": "CVE-2026-34982"
}
]
}
SUSE-SU-2026:1607-1
Vulnerability from csaf_suse - Published: 2026-04-24 11:50 - Updated: 2026-04-24 11:50| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nUpdate to version 9.2.0280.\n\n- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command\n execution (bsc#1261271).\n- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution\n (bsc#1261191).\n- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to\n arbitrary code execution (bsc#1259985).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1607,SUSE-SLE-Micro-5.5-2026-1607,SUSE-SLE-Module-Basesystem-15-SP7-2026-1607,SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1607,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1607,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1607,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1607,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1607,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1607,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1607,openSUSE-SLE-15.6-2026-1607",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1607-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1607-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261607-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1607-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045933.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259985",
"url": "https://bugzilla.suse.com/1259985"
},
{
"category": "self",
"summary": "SUSE Bug 1261191",
"url": "https://bugzilla.suse.com/1261191"
},
{
"category": "self",
"summary": "SUSE Bug 1261271",
"url": "https://bugzilla.suse.com/1261271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34982 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34982/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2026-04-24T11:50:57Z",
"generator": {
"date": "2026-04-24T11:50:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1607-1",
"initial_release_date": "2026-04-24T11:50:57Z",
"revision_history": [
{
"date": "2026-04-24T11:50:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150500.20.46.1.aarch64",
"product": {
"name": "gvim-9.2.0280-150500.20.46.1.aarch64",
"product_id": "gvim-9.2.0280-150500.20.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150500.20.46.1.aarch64",
"product": {
"name": "vim-9.2.0280-150500.20.46.1.aarch64",
"product_id": "vim-9.2.0280-150500.20.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150500.20.46.1.aarch64",
"product": {
"name": "vim-small-9.2.0280-150500.20.46.1.aarch64",
"product_id": "vim-small-9.2.0280-150500.20.46.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150500.20.46.1.i586",
"product": {
"name": "gvim-9.2.0280-150500.20.46.1.i586",
"product_id": "gvim-9.2.0280-150500.20.46.1.i586"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150500.20.46.1.i586",
"product": {
"name": "vim-9.2.0280-150500.20.46.1.i586",
"product_id": "vim-9.2.0280-150500.20.46.1.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150500.20.46.1.i586",
"product": {
"name": "vim-small-9.2.0280-150500.20.46.1.i586",
"product_id": "vim-small-9.2.0280-150500.20.46.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.2.0280-150500.20.46.1.noarch",
"product": {
"name": "vim-data-9.2.0280-150500.20.46.1.noarch",
"product_id": "vim-data-9.2.0280-150500.20.46.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"product": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"product_id": "vim-data-common-9.2.0280-150500.20.46.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150500.20.46.1.ppc64le",
"product": {
"name": "gvim-9.2.0280-150500.20.46.1.ppc64le",
"product_id": "gvim-9.2.0280-150500.20.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150500.20.46.1.ppc64le",
"product": {
"name": "vim-9.2.0280-150500.20.46.1.ppc64le",
"product_id": "vim-9.2.0280-150500.20.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150500.20.46.1.ppc64le",
"product": {
"name": "vim-small-9.2.0280-150500.20.46.1.ppc64le",
"product_id": "vim-small-9.2.0280-150500.20.46.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150500.20.46.1.s390x",
"product": {
"name": "gvim-9.2.0280-150500.20.46.1.s390x",
"product_id": "gvim-9.2.0280-150500.20.46.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150500.20.46.1.s390x",
"product": {
"name": "vim-9.2.0280-150500.20.46.1.s390x",
"product_id": "vim-9.2.0280-150500.20.46.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150500.20.46.1.s390x",
"product": {
"name": "vim-small-9.2.0280-150500.20.46.1.s390x",
"product_id": "vim-small-9.2.0280-150500.20.46.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-150500.20.46.1.x86_64",
"product": {
"name": "gvim-9.2.0280-150500.20.46.1.x86_64",
"product_id": "gvim-9.2.0280-150500.20.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-150500.20.46.1.x86_64",
"product": {
"name": "vim-9.2.0280-150500.20.46.1.x86_64",
"product_id": "vim-9.2.0280-150500.20.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"product": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"product_id": "vim-small-9.2.0280-150500.20.46.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-150500.20.46.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "gvim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-150500.20.46.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-150500.20.46.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-150500.20.46.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-150500.20.46.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-150500.20.46.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-150500.20.46.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33412"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim\u0027s glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user\u0027s \u0027shell\u0027 setting. This issue has been patched in version 9.2.0202.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33412",
"url": "https://www.suse.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "SUSE Bug 1259985 for CVE-2026-33412",
"url": "https://bugzilla.suse.com/1259985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-24T11:50:57Z",
"details": "moderate"
}
],
"title": "CVE-2026-33412"
},
{
"cve": "CVE-2026-34714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34714"
}
],
"notes": [
{
"category": "general",
"text": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34714",
"url": "https://www.suse.com/security/cve/CVE-2026-34714"
},
{
"category": "external",
"summary": "SUSE Bug 1261191 for CVE-2026-34714",
"url": "https://bugzilla.suse.com/1261191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-24T11:50:57Z",
"details": "important"
}
],
"title": "CVE-2026-34714"
},
{
"cve": "CVE-2026-34982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34982"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34982",
"url": "https://www.suse.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "SUSE Bug 1261271 for CVE-2026-34982",
"url": "https://bugzilla.suse.com/1261271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:vim-small-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:gvim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-9.2.0280-150500.20.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:vim-small-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:gvim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-9.2.0280-150500.20.46.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.2.0280-150500.20.46.1.noarch",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.s390x",
"openSUSE Leap 15.6:vim-small-9.2.0280-150500.20.46.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-24T11:50:57Z",
"details": "important"
}
],
"title": "CVE-2026-34982"
}
]
}
SUSE-SU-2026:21118-1
Vulnerability from csaf_suse - Published: 2026-04-14 08:33 - Updated: 2026-04-14 08:33| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\n- Update to 9.2.0280\n- CVE-2026-33412: command injection via newline in glob() (bsc#1259985).\n- CVE-2026-34714: crafted file can allow code execution (bsc#1261191).\n- CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-486",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21118-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21118-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621118-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21118-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025425.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259985",
"url": "https://bugzilla.suse.com/1259985"
},
{
"category": "self",
"summary": "SUSE Bug 1261191",
"url": "https://bugzilla.suse.com/1261191"
},
{
"category": "self",
"summary": "SUSE Bug 1261271",
"url": "https://bugzilla.suse.com/1261271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34982 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34982/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2026-04-14T08:33:54Z",
"generator": {
"date": "2026-04-14T08:33:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21118-1",
"initial_release_date": "2026-04-14T08:33:54Z",
"revision_history": [
{
"date": "2026-04-14T08:33:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"product": {
"name": "vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"product_id": "vim-small-9.2.0280-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"product": {
"name": "vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"product_id": "vim-data-common-9.2.0280-slfo.1.1_1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"product": {
"name": "vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"product_id": "vim-small-9.2.0280-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"product": {
"name": "vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"product_id": "vim-small-9.2.0280-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-slfo.1.1_1.1.x86_64",
"product": {
"name": "vim-small-9.2.0280-slfo.1.1_1.1.x86_64",
"product_id": "vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-slfo.1.1_1.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x"
},
"product_reference": "vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33412"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim\u0027s glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user\u0027s \u0027shell\u0027 setting. This issue has been patched in version 9.2.0202.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33412",
"url": "https://www.suse.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "SUSE Bug 1259985 for CVE-2026-33412",
"url": "https://bugzilla.suse.com/1259985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-14T08:33:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-33412"
},
{
"cve": "CVE-2026-34714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34714"
}
],
"notes": [
{
"category": "general",
"text": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34714",
"url": "https://www.suse.com/security/cve/CVE-2026-34714"
},
{
"category": "external",
"summary": "SUSE Bug 1261191 for CVE-2026-34714",
"url": "https://bugzilla.suse.com/1261191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-14T08:33:54Z",
"details": "important"
}
],
"title": "CVE-2026-34714"
},
{
"cve": "CVE-2026-34982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34982"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34982",
"url": "https://www.suse.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "SUSE Bug 1261271 for CVE-2026-34982",
"url": "https://bugzilla.suse.com/1261271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:vim-data-common-9.2.0280-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:vim-small-9.2.0280-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-14T08:33:54Z",
"details": "important"
}
],
"title": "CVE-2026-34982"
}
]
}
SUSE-SU-2026:21124-1
Vulnerability from csaf_suse - Published: 2026-04-14 07:55 - Updated: 2026-04-14 07:55| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\n- Update to 9.2.0280\n- CVE-2026-33412: command injection via newline in glob() (bsc#1259985).\n- CVE-2026-34714: crafted file can allow code execution (bsc#1261191).\n- CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-665",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21124-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21124-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621124-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21124-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025420.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259985",
"url": "https://bugzilla.suse.com/1259985"
},
{
"category": "self",
"summary": "SUSE Bug 1261191",
"url": "https://bugzilla.suse.com/1261191"
},
{
"category": "self",
"summary": "SUSE Bug 1261271",
"url": "https://bugzilla.suse.com/1261271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34982 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34982/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2026-04-14T07:55:35Z",
"generator": {
"date": "2026-04-14T07:55:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21124-1",
"initial_release_date": "2026-04-14T07:55:35Z",
"revision_history": [
{
"date": "2026-04-14T07:55:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-1.1.aarch64",
"product": {
"name": "vim-small-9.2.0280-1.1.aarch64",
"product_id": "vim-small-9.2.0280-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-common-9.2.0280-1.1.noarch",
"product": {
"name": "vim-data-common-9.2.0280-1.1.noarch",
"product_id": "vim-data-common-9.2.0280-1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-1.1.s390x",
"product": {
"name": "vim-small-9.2.0280-1.1.s390x",
"product_id": "vim-small-9.2.0280-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-1.1.x86_64",
"product": {
"name": "vim-small-9.2.0280-1.1.x86_64",
"product_id": "vim-small-9.2.0280-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-1.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-1.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x"
},
"product_reference": "vim-small-9.2.0280-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33412"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim\u0027s glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user\u0027s \u0027shell\u0027 setting. This issue has been patched in version 9.2.0202.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33412",
"url": "https://www.suse.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "SUSE Bug 1259985 for CVE-2026-33412",
"url": "https://bugzilla.suse.com/1259985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-14T07:55:35Z",
"details": "moderate"
}
],
"title": "CVE-2026-33412"
},
{
"cve": "CVE-2026-34714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34714"
}
],
"notes": [
{
"category": "general",
"text": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34714",
"url": "https://www.suse.com/security/cve/CVE-2026-34714"
},
{
"category": "external",
"summary": "SUSE Bug 1261191 for CVE-2026-34714",
"url": "https://bugzilla.suse.com/1261191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-14T07:55:35Z",
"details": "important"
}
],
"title": "CVE-2026-34714"
},
{
"cve": "CVE-2026-34982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34982"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34982",
"url": "https://www.suse.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "SUSE Bug 1261271 for CVE-2026-34982",
"url": "https://bugzilla.suse.com/1261271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:vim-data-common-9.2.0280-1.1.noarch",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.aarch64",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.s390x",
"SUSE Linux Micro 6.0:vim-small-9.2.0280-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-14T07:55:35Z",
"details": "important"
}
],
"title": "CVE-2026-34982"
}
]
}
SUSE-SU-2026:21134-1
Vulnerability from csaf_suse - Published: 2026-04-15 08:14 - Updated: 2026-04-15 08:14| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\n- CVE-2026-33412: command injection via newline in glob() (bsc#1259985).\n- CVE-2026-34714: crafted file can allow code execution (bsc#1261191).\n- CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-563",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21134-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21134-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621134-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21134-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045686.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259985",
"url": "https://bugzilla.suse.com/1259985"
},
{
"category": "self",
"summary": "SUSE Bug 1261191",
"url": "https://bugzilla.suse.com/1261191"
},
{
"category": "self",
"summary": "SUSE Bug 1261271",
"url": "https://bugzilla.suse.com/1261271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34982 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34982/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2026-04-15T08:14:48Z",
"generator": {
"date": "2026-04-15T08:14:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21134-1",
"initial_release_date": "2026-04-15T08:14:48Z",
"revision_history": [
{
"date": "2026-04-15T08:14:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-160000.1.1.aarch64",
"product": {
"name": "vim-small-9.2.0280-160000.1.1.aarch64",
"product_id": "vim-small-9.2.0280-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-common-9.2.0280-160000.1.1.noarch",
"product": {
"name": "vim-data-common-9.2.0280-160000.1.1.noarch",
"product_id": "vim-data-common-9.2.0280-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-160000.1.1.ppc64le",
"product": {
"name": "vim-small-9.2.0280-160000.1.1.ppc64le",
"product_id": "vim-small-9.2.0280-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-160000.1.1.s390x",
"product": {
"name": "vim-small-9.2.0280-160000.1.1.s390x",
"product_id": "vim-small-9.2.0280-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-small-9.2.0280-160000.1.1.x86_64",
"product": {
"name": "vim-small-9.2.0280-160000.1.1.x86_64",
"product_id": "vim-small-9.2.0280-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-160000.1.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33412"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim\u0027s glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user\u0027s \u0027shell\u0027 setting. This issue has been patched in version 9.2.0202.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33412",
"url": "https://www.suse.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "SUSE Bug 1259985 for CVE-2026-33412",
"url": "https://bugzilla.suse.com/1259985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T08:14:48Z",
"details": "moderate"
}
],
"title": "CVE-2026-33412"
},
{
"cve": "CVE-2026-34714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34714"
}
],
"notes": [
{
"category": "general",
"text": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34714",
"url": "https://www.suse.com/security/cve/CVE-2026-34714"
},
{
"category": "external",
"summary": "SUSE Bug 1261191 for CVE-2026-34714",
"url": "https://bugzilla.suse.com/1261191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T08:14:48Z",
"details": "important"
}
],
"title": "CVE-2026-34714"
},
{
"cve": "CVE-2026-34982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34982"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34982",
"url": "https://www.suse.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "SUSE Bug 1261271 for CVE-2026-34982",
"url": "https://bugzilla.suse.com/1261271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Micro 6.2:vim-small-9.2.0280-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T08:14:48Z",
"details": "important"
}
],
"title": "CVE-2026-34982"
}
]
}
SUSE-SU-2026:21197-1
Vulnerability from csaf_suse - Published: 2026-04-15 08:14 - Updated: 2026-04-15 08:14| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\n- CVE-2026-33412: command injection via newline in glob() (bsc#1259985).\n- CVE-2026-34714: crafted file can allow code execution (bsc#1261191).\n- CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-563",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21197-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21197-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621197-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21197-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025498.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259985",
"url": "https://bugzilla.suse.com/1259985"
},
{
"category": "self",
"summary": "SUSE Bug 1261191",
"url": "https://bugzilla.suse.com/1261191"
},
{
"category": "self",
"summary": "SUSE Bug 1261271",
"url": "https://bugzilla.suse.com/1261271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34982 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34982/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2026-04-15T08:14:48Z",
"generator": {
"date": "2026-04-15T08:14:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21197-1",
"initial_release_date": "2026-04-15T08:14:48Z",
"revision_history": [
{
"date": "2026-04-15T08:14:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-160000.1.1.aarch64",
"product": {
"name": "gvim-9.2.0280-160000.1.1.aarch64",
"product_id": "gvim-9.2.0280-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-160000.1.1.aarch64",
"product": {
"name": "vim-9.2.0280-160000.1.1.aarch64",
"product_id": "vim-9.2.0280-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-160000.1.1.aarch64",
"product": {
"name": "vim-small-9.2.0280-160000.1.1.aarch64",
"product_id": "vim-small-9.2.0280-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xxd-9.2.0280-160000.1.1.aarch64",
"product": {
"name": "xxd-9.2.0280-160000.1.1.aarch64",
"product_id": "xxd-9.2.0280-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.2.0280-160000.1.1.noarch",
"product": {
"name": "vim-data-9.2.0280-160000.1.1.noarch",
"product_id": "vim-data-9.2.0280-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.2.0280-160000.1.1.noarch",
"product": {
"name": "vim-data-common-9.2.0280-160000.1.1.noarch",
"product_id": "vim-data-common-9.2.0280-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-160000.1.1.ppc64le",
"product": {
"name": "gvim-9.2.0280-160000.1.1.ppc64le",
"product_id": "gvim-9.2.0280-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-160000.1.1.ppc64le",
"product": {
"name": "vim-9.2.0280-160000.1.1.ppc64le",
"product_id": "vim-9.2.0280-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-160000.1.1.ppc64le",
"product": {
"name": "vim-small-9.2.0280-160000.1.1.ppc64le",
"product_id": "vim-small-9.2.0280-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xxd-9.2.0280-160000.1.1.ppc64le",
"product": {
"name": "xxd-9.2.0280-160000.1.1.ppc64le",
"product_id": "xxd-9.2.0280-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-160000.1.1.s390x",
"product": {
"name": "gvim-9.2.0280-160000.1.1.s390x",
"product_id": "gvim-9.2.0280-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-160000.1.1.s390x",
"product": {
"name": "vim-9.2.0280-160000.1.1.s390x",
"product_id": "vim-9.2.0280-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-160000.1.1.s390x",
"product": {
"name": "vim-small-9.2.0280-160000.1.1.s390x",
"product_id": "vim-small-9.2.0280-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "xxd-9.2.0280-160000.1.1.s390x",
"product": {
"name": "xxd-9.2.0280-160000.1.1.s390x",
"product_id": "xxd-9.2.0280-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.2.0280-160000.1.1.x86_64",
"product": {
"name": "gvim-9.2.0280-160000.1.1.x86_64",
"product_id": "gvim-9.2.0280-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.2.0280-160000.1.1.x86_64",
"product": {
"name": "vim-9.2.0280-160000.1.1.x86_64",
"product_id": "vim-9.2.0280-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.2.0280-160000.1.1.x86_64",
"product": {
"name": "vim-small-9.2.0280-160000.1.1.x86_64",
"product_id": "vim-small-9.2.0280-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xxd-9.2.0280-160000.1.1.x86_64",
"product": {
"name": "xxd-9.2.0280-160000.1.1.x86_64",
"product_id": "xxd-9.2.0280-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64"
},
"product_reference": "gvim-9.2.0280-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x"
},
"product_reference": "gvim-9.2.0280-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64"
},
"product_reference": "gvim-9.2.0280-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64"
},
"product_reference": "vim-9.2.0280-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le"
},
"product_reference": "vim-9.2.0280-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x"
},
"product_reference": "vim-9.2.0280-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64"
},
"product_reference": "vim-9.2.0280-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch"
},
"product_reference": "vim-data-9.2.0280-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0280-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64"
},
"product_reference": "xxd-9.2.0280-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0280-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le"
},
"product_reference": "xxd-9.2.0280-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0280-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x"
},
"product_reference": "xxd-9.2.0280-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0280-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64"
},
"product_reference": "xxd-9.2.0280-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64"
},
"product_reference": "gvim-9.2.0280-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le"
},
"product_reference": "gvim-9.2.0280-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x"
},
"product_reference": "gvim-9.2.0280-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.2.0280-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64"
},
"product_reference": "gvim-9.2.0280-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64"
},
"product_reference": "vim-9.2.0280-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le"
},
"product_reference": "vim-9.2.0280-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x"
},
"product_reference": "vim-9.2.0280-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.2.0280-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64"
},
"product_reference": "vim-9.2.0280-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.2.0280-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch"
},
"product_reference": "vim-data-9.2.0280-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.2.0280-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch"
},
"product_reference": "vim-data-common-9.2.0280-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.2.0280-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64"
},
"product_reference": "vim-small-9.2.0280-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0280-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64"
},
"product_reference": "xxd-9.2.0280-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0280-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le"
},
"product_reference": "xxd-9.2.0280-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0280-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x"
},
"product_reference": "xxd-9.2.0280-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xxd-9.2.0280-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
},
"product_reference": "xxd-9.2.0280-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33412"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim\u0027s glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user\u0027s \u0027shell\u0027 setting. This issue has been patched in version 9.2.0202.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33412",
"url": "https://www.suse.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "SUSE Bug 1259985 for CVE-2026-33412",
"url": "https://bugzilla.suse.com/1259985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T08:14:48Z",
"details": "moderate"
}
],
"title": "CVE-2026-33412"
},
{
"cve": "CVE-2026-34714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34714"
}
],
"notes": [
{
"category": "general",
"text": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34714",
"url": "https://www.suse.com/security/cve/CVE-2026-34714"
},
{
"category": "external",
"summary": "SUSE Bug 1261191 for CVE-2026-34714",
"url": "https://bugzilla.suse.com/1261191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T08:14:48Z",
"details": "important"
}
],
"title": "CVE-2026-34714"
},
{
"cve": "CVE-2026-34982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34982"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34982",
"url": "https://www.suse.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "SUSE Bug 1261271 for CVE-2026-34982",
"url": "https://bugzilla.suse.com/1261271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:xxd-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:gvim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-data-common-9.2.0280-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:vim-small-9.2.0280-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:xxd-9.2.0280-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T08:14:48Z",
"details": "important"
}
],
"title": "CVE-2026-34982"
}
]
}
WID-SEC-W-2026-0940
Vulnerability from csaf_certbund - Published: 2026-03-31 22:00 - Updated: 2026-07-01 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
Red Hat Enterprise Linux Cryostat <4.2.0
Red Hat / Enterprise Linux
|
Cryostat <4.2.0 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source vim <9.2.0276
Open Source / vim
|
<9.2.0276 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Vim (Vi IMproved) ist eine Weiterentwicklung des Texteditors vi.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in vim ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0940 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0940.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0940 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0940"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8h6p-m6gr-mpw9 vom 2026-03-31",
"url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8171-1 vom 2026-04-14",
"url": "https://ubuntu.com/security/notices/USN-8171-1"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2026-04-14",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1347-1 vom 2026-04-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025369.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1387-1 vom 2026-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025394.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21124-1 vom 2026-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025420.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21132-1 vom 2026-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025413.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21130-1 vom 2026-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025415.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21118-1 vom 2026-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025425.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21134-1 vom 2026-04-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025451.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21136-1 vom 2026-04-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025450.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20540-1 vom 2026-04-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KSW6VZ3V4JUNIWHWSILTIDFYKMDGE7YX/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21197-1 vom 2026-04-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025498.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1607-1 vom 2026-04-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025613.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11510 vom 2026-04-29",
"url": "https://access.redhat.com/errata/RHSA-2026:11510"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11389 vom 2026-04-28",
"url": "https://access.redhat.com/errata/RHSA-2026:11389"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11509 vom 2026-04-29",
"url": "https://access.redhat.com/errata/RHSA-2026:11509"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-11389 vom 2026-04-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-11389.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-11510 vom 2026-04-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-11510.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-11509 vom 2026-04-30",
"url": "https://linux.oracle.com/errata/ELSA-2026-11509.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3251 vom 2026-04-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3251.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:11510 vom 2026-04-30",
"url": "https://errata.build.resf.org/RLSA-2026:11510"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10652-1 vom 2026-05-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUIWGPOJGY5NMS6UQ5ANZWO7WXVM2ZW3/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:11389 vom 2026-05-01",
"url": "https://errata.build.resf.org/RLSA-2026:11389"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:11509 vom 2026-04-30",
"url": "https://errata.build.resf.org/RLSA-2026:11509"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14391 vom 2026-05-07",
"url": "https://access.redhat.com/errata/RHSA-2026:14391"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19073 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19073"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19224 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19224"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17789 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:17789"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21275 vom 2026-05-27",
"url": "https://access.redhat.com/errata/RHSA-2026:21275"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:19224 vom 2026-05-28",
"url": "https://errata.build.resf.org/RLSA-2026:19224"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22634 vom 2026-06-02",
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28049 vom 2026-06-22",
"url": "https://access.redhat.com/errata/RHSA-2026:28049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28050 vom 2026-06-22",
"url": "https://access.redhat.com/errata/RHSA-2026:28050"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30088 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30088"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30087 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30087"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30089 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30089"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:33453 vom 2026-06-30",
"url": "https://access.redhat.com/errata/RHSA-2026:33453"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34477 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34477"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34476 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34476"
}
],
"source_lang": "en-US",
"title": "vim: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2026-07-01T22:00:00.000+00:00",
"generator": {
"date": "2026-07-02T09:21:03.224+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0940",
"initial_release_date": "2026-03-31T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-06T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-19313, 2455400"
},
{
"date": "2026-04-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-04-14T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-16T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-19T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von openSUSE und SUSE aufgenommen"
},
{
"date": "2026-04-26T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-28T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-29T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und openSUSE aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-22T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-25T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-29T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-07-01T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "22"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3",
"product": {
"name": "Microsoft Azure Linux azl3",
"product_id": "T049210",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.0276",
"product": {
"name": "Open Source vim \u003c9.2.0276",
"product_id": "T052326"
}
},
{
"category": "product_version",
"name": "9.2.0276",
"product": {
"name": "Open Source vim 9.2.0276",
"product_id": "T052326-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vim:vim:9.2.0276"
}
}
}
],
"category": "product_name",
"name": "vim"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Cryostat \u003c4.2.0",
"product": {
"name": "Red Hat Enterprise Linux Cryostat \u003c4.2.0",
"product_id": "T054651"
}
},
{
"category": "product_version",
"name": "Cryostat 4.2.0",
"product": {
"name": "Red Hat Enterprise Linux Cryostat 4.2.0",
"product_id": "T054651-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:cryostat__4.2.0"
}
}
},
{
"category": "product_version",
"name": "Update Infrastructure 5.1",
"product": {
"name": "Red Hat Enterprise Linux Update Infrastructure 5.1",
"product_id": "T054761",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-34982",
"product_status": {
"known_affected": [
"T054761",
"T054651",
"T002207",
"67646",
"T000126",
"T027843",
"T052326",
"398363",
"T049210",
"T004914",
"T032255"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-34982"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.