MGASA-2026-0121 Updated nano packages fix security vulnerabilities

Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...

Updated nano packages fix security vulnerabilities

Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...

Exploit for Use of Externally-Controlled Format String in Ghs Integrity_Rtos

Green Hills INTEGRITY RTOS F-16 Exploit - CVE-2019-7711 Ful...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

Astra Linux - уязвимость в ghostscript

Artifex Ghostscript prior to version 10.03.1 allows for memory corruption, and enables SAFER sandbox bypass, through format string injection using a uniprint device...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in targetlugpmembersshow function located in...

Astra Linux - уязвимость в libinput

A format string vulnerability was detected in libinput...

Astra Linux - уязвимость в mariadb-10.3

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

OESA-2026-2160 nano security update

Nano is a tiny GNU editor Security Fixes: A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which...

Nano: nano: format string vulnerability leads to denial of service

...

CVE-2026-6539

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

CVE-2026-6539 Notepad++ 8.9.3 Format String Injection via nativeLang.xml

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

CVE-2026-6539 Notepad++ 8.9.3 Format String Injection via nativeLang.xml

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

CVE-2026-6539

Notepad++ 8.9.3 is affected by a vulnerability described as a format string injection in the Find Results panel handler, triggered by a malicious nativeLang.xml language pack. The issue can be introduced by poisoned language packs distributed via community channels and triggers format string inte...

EUVD-2026-26436

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

CVE-2026-6539

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

CVE-2026-33448

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...

CVE-2026-33448 Format string vulnerability in MacOS clients prior to 14.50

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...

CVE-2026-33448 Format string vulnerability in MacOS clients prior to 14.50

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...

CVE-2026-33448

CVE-2026-33448 describes a format-string vulnerability in the MacOS Secure Access client logging subsystem prior to 14.50. By controlling a modified server, an attacker can cause the client to dump a small portion of memory to log files, potentially exposing secrets. Affected product: Secure Acce...