143 matches found
OPENSUSE-SU-2026:21166-1 Security update for nano
This update for nano fixes the following issues: Changes in nano: - Update to version 9.1: When searching, the viewport is placed snug left where possible. The ability to read and write files in old Mac format a lone carriage return as line ending was removed. The ^T toggle between WhereIs and...
[SECURITY] Fedora 43 Update: restic-0.19.0-1.fc43
Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...
[SECURITY] Fedora 44 Update: restic-0.19.0-1.fc44
Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...
CVE-2026-40987
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through...
CVE-2026-40987 Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through...
CVE-2026-40987: Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content...
OESA-2026-2160 nano security update
Nano is a tiny GNU editor Security Fixes: A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which...
UBUNTU-CVE-2026-40556
GNU nano creates the user\u2019s /.local directory with overly permis...
CVE-2026-40556
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-40556
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-40556
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
EUVD-2026-26053
GNU nano creates the user’s /.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group XDG data storage, nano explicitly requests directory mode 0777, making the directory world‑writable in environments where...
CVE-2026-40556
In the connected Debian/CVE entry, GNU nano is affected by a local permission issue: when the user’s ~/.local directory does not exist, nano creates it with mode 0777, making it world‑writable in environments where the umask is lax. This creates a race window where an attacker could leverage the ...
CVE-2026-40556
Removed by vendor...
SUSE CVE-2026-6842
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
GNU nano 安全漏洞
GNU nano is a lightweight terminal text editor from the GNU community in the United States. Versions of GNU nano prior to 9.0 contained security vulnerabilities. These vulnerabilities stemmed from overly permissive permissions when creating the user’s /.local directory. This could allow local...
PT-2026-35729
Name of the Vulnerable Software and Affected Versions GNU nano versions prior to 9.0 Description GNU nano creates the user's /.local directory with overly permissive permissions when it does not already exist. During the first use of features requiring Cross-Desktop Group XDG data storage, the...
CVE-2026-6842
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
PT-2026-34267
Name of the Vulnerable Software and Affected Versions nano affected versions not specified Description A flaw exists where incorrect directory permissions are applied to the /.local directory, setting them to 0777 instead of 0700 in environments with permissive umask settings. A local attacker ca...