22 matches found
MGASA-2026-0121 Updated nano packages fix security vulnerabilities
Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...
Updated nano packages fix security vulnerabilities
Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...
OESA-2026-2160 nano security update
Nano is a tiny GNU editor Security Fixes: A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which...
Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
...
SUSE CVE-2026-6842
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
EUVD-2026-24633
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
CVE-2026-6842
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
CVE-2026-6842
In Nano, a local attacker can exploit insecure directory permissions in environments with permissive umask settings. Specifically, overly permissive 0777 permissions on ~/.local allow injection of a malicious .desktop launcher, which could trigger unintended actions or information disclosure when...
CVE-2026-6842
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
CVE-2026-6842
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
PT-2026-34267
Name of the Vulnerable Software and Affected Versions nano affected versions not specified Description A flaw exists where incorrect directory permissions are applied to the /.local directory, setting them to 0777 instead of 0700 in environments with permissive umask settings. A local attacker ca...
EUVD-2014-4780
Malware in sbrugna...
Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Secret Server
Summary Multiple vulnerabilities identified on IBM Security Secret Server have been addressed in the release 10.7.000059. Vulnerability Details CVEID: CVE-2012-5662 DESCRIPTION: x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name CN ...
Thycotic Secret Server Credentials Disclosure Vulnerability
The Remote Desktop Launcher in Thycotic Secret Server does not properly cleanup a temporary file that contains an encrypted password once a session has ended. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Thycotic Secret Server Remote Desktop Launcher Remote Desktop Launch Vulnerability
Thycotic Secret Server is a suite of password protection software from Thycotic, Inc. Remote Desktop Launcher is one of the remote desktop launchers. A security vulnerability exists in Remote Desktop Launcher in versions of Thycotic Secret Server prior to 8.6.000010, which stems from the program...
Default credentials
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended...
CVE-2014-4861
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended...
CVE-2014-4861
CVE-2014-4861 affects Thycotic Secret Server’s Remote Desktop Launcher, where a temporary file containing an encrypted password is not properly cleaned up after a session ends. This could expose credentials if the file persists. Affected: Secret Server prior to 8.6.000010. Root cause: inadequate ...