Lucene search
K

143 matches found

OSV
OSV
added 2026/06/29 8:14 a.m.4 views

OPENSUSE-SU-2026:21166-1 Security update for nano

This update for nano fixes the following issues: Changes in nano: - Update to version 9.1: When searching, the viewport is placed snug left where possible. The ability to read and write files in old Mac format a lone carriage return as line ending was removed. The ^T toggle between WhereIs and...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References7
Fedora
Fedora
added 2026/06/19 1:10 a.m.14 views

[SECURITY] Fedora 43 Update: restic-0.19.0-1.fc43

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

9.8CVSS5.3AI score0.34734EPSS
Exploits4
Fedora
Fedora
added 2026/06/19 1:1 a.m.17 views

[SECURITY] Fedora 44 Update: restic-0.19.0-1.fc44

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

9.8CVSS5.3AI score0.34734EPSS
Exploits4
NVD
NVD
added 2026/06/11 7:16 a.m.16 views

CVE-2026-40987

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through...

7.1CVSS0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:3 a.m.29 views

CVE-2026-40987 Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through...

7.1CVSS0.0021EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.8 views

CVE-2026-40987: Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content...

7.1CVSS5.4AI score0.0021EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/03 9:56 a.m.7 views

OESA-2026-2160 nano security update

Nano is a tiny GNU editor Security Fixes: A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which...

5.5CVSS5.7AI score0.00108EPSS
Exploits0References3
OSV
OSV
added 2026/04/29 12:0 a.m.3 views

UBUNTU-CVE-2026-40556

GNU nano creates the user\u2019s /.local directory with overly permis...

5.3AI score
Exploits0References2
NVD
NVD
added 2026/04/28 3:16 p.m.7 views

CVE-2026-40556

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
UbuntuCve
UbuntuCve
added 2026/04/28 3:16 p.m.6 views

CVE-2026-40556

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 1:54 p.m.7 views

CVE-2026-40556

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score
Exploits0References4
EUVD
EUVD
added 2026/04/28 1:54 p.m.6 views

EUVD-2026-26053

GNU nano creates the user’s /.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group XDG data storage, nano explicitly requests directory mode 0777, making the directory world‑writable in environments where...

2.1CVSS5.3AI score
Exploits0References3
CVE
CVE
added 2026/04/28 1:54 p.m.13 views

CVE-2026-40556

In the connected Debian/CVE entry, GNU nano is affected by a local permission issue: when the user’s ~/.local directory does not exist, nano creates it with mode 0777, making it world‑writable in environments where the umask is lax. This creates a race window where an attacker could leverage the ...

5.3AI score
Exploits0
Debian CVE
Debian CVE
added 2026/04/28 1:54 p.m.4 views

CVE-2026-40556

Removed by vendor...

5.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/28 1:45 a.m.7 views

SUSE CVE-2026-6842

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...

2.5CVSS5.3AI score0.00085EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

GNU nano 安全漏洞

GNU nano is a lightweight terminal text editor from the GNU community in the United States. Versions of GNU nano prior to 9.0 contained security vulnerabilities. These vulnerabilities stemmed from overly permissive permissions when creating the user’s /.local directory. This could allow local...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.8 views

PT-2026-35729

Name of the Vulnerable Software and Affected Versions GNU nano versions prior to 9.0 Description GNU nano creates the user's /.local directory with overly permissive permissions when it does not already exist. During the first use of features requiring Cross-Desktop Group XDG data storage, the...

2.1CVSS5.8AI score
Exploits0References19
NVD
NVD
added 2026/04/22 8:16 a.m.6 views

CVE-2026-6842

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...

2.5CVSS0.00085EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 7:34 a.m.4 views

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...

2.5CVSS5.7AI score0.00085EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34267

Name of the Vulnerable Software and Affected Versions nano affected versions not specified Description A flaw exists where incorrect directory permissions are applied to the /.local directory, setting them to 0777 instead of 0700 in environments with permissive umask settings. A local attacker ca...

2.5CVSS5.8AI score0.00085EPSS
Exploits0References26
Rows per page
Query Builder