Total
81 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34387 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.
|
|||||
| CVE-2022-21945 | 1 Opensuse | 2 Cscreen, Factory | 2024-11-21 | 3.6 LOW | 5.1 MEDIUM |
|
A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
|
|||||
| CVE-2022-21809 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.
|
|||||
| CVE-2022-0736 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
|
|||||
| CVE-2022-0315 | 1 Horovod | 1 Horovod | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
|
|||||
| CVE-2021-46705 | 3 Gnu, Opensuse, Suse | 3 Grub2, Factory, Linux Enterprise Server | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
|
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
|
|||||
| CVE-2021-29429 | 2 Gradle, Quarkus | 2 Gradle, Quarkus | 2024-11-21 | 1.9 LOW | 4.0 MEDIUM |
|
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are ...
Show More |
|||||
| CVE-2021-25316 | 1 Suse | 2 Linux Enterprise Server, S390-tools | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.
|
|||||
| CVE-2021-22572 | 1 Google | 1 Data Transfer Project | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969
|
|||||
| CVE-2021-20202 | 1 Redhat | 1 Keycloak | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.
|
|||||
| CVE-2020-8032 | 1 Opensuse | 1 Cyrus-sasl | 2024-11-21 | 6.9 MEDIUM | 6.7 MEDIUM |
|
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
|
|||||
| CVE-2020-8030 | 1 Suse | 1 Caas Platform | 2024-11-21 | 3.6 LOW | 3.6 LOW |
|
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.
|
|||||
| CVE-2020-8027 | 2 Opensuse, Suse | 3 Leap, Openldap2, Linux Enterprise Server | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior ...
Show More |
|||||
| CVE-2020-35451 | 1 Apache | 1 Oozie | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.
|
|||||
| CVE-2020-2016 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.5 HIGH | 7.0 HIGH |
|
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; ...
Show More |
|||||
| CVE-2020-25636 | 1 Redhat | 1 Ansible | 2024-11-21 | 3.6 LOW | 6.6 MEDIUM |
|
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.
|
|||||
| CVE-2020-1994 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.9 MEDIUM | 4.1 MEDIUM |
|
A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7.
|
|||||
| CVE-2020-1991 | 2 Microsoft, Paloaltonetworks | 2 Windows, Traps | 2024-11-21 | 3.6 LOW | 7.8 HIGH |
|
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.
|
|||||
| CVE-2020-1981 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.2 HIGH | 7.0 HIGH |
|
A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.
|
|||||
| CVE-2020-1740 | 3 Debian, Fedoraproject, Redhat | 6 Debian Linux, Fedora, Ansible and 3 more | 2024-11-21 | 1.9 LOW | 3.9 LOW |
|
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to ...
Show More |
|||||
| CVE-2020-1733 | 3 Debian, Fedoraproject, Redhat | 6 Debian Linux, Fedora, Ansible and 3 more | 2024-11-21 | 3.7 LOW | 5.0 MEDIUM |
|
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target direct ...
Show More |
|||||
| CVE-2020-10744 | 1 Redhat | 2 Ansible, Ansible Tower | 2024-11-21 | 3.7 LOW | 5.0 MEDIUM |
|
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
|
|||||
| CVE-2018-6706 | 1 Mcafee | 1 Agent | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.
|
|||||
| CVE-2018-6705 | 1 Mcafee | 1 Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
|
|||||
| CVE-2018-6704 | 1 Mcafee | 1 Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
|
|||||
| CVE-2018-3710 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
|
|||||
| CVE-2018-25068 | 1 Globalpom-utils Project | 1 Globalpom-utils | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560 ...
Show More |
|||||
| CVE-2018-1053 | 4 Canonical, Debian, Postgresql and 1 more | 4 Ubuntu Linux, Debian Linux, Postgresql and 1 more | 2024-11-21 | 3.3 LOW | 7.0 HIGH |
|
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is inf ...
Show More |
|||||
| CVE-2018-19640 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.
|
|||||
| CVE-2018-19638 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 3.3 LOW | 2.2 LOW |
|
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
|
|||||
| CVE-2018-19637 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 3.6 LOW | 2.8 LOW |
|
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
|
|||||
| CVE-2018-17955 | 1 Opensuse | 1 Yast2-multipath | 2024-11-21 | 3.6 LOW | 2.2 LOW |
|
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection
|
|||||
| CVE-2018-16494 | 1 Versa-networks | 1 Versa Operating System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.
|
|||||
| CVE-2017-16024 | 2 Nodejs, Sync-exec Project | 2 Node.js, Sync-exec | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
|
|||||
| CVE-2017-15111 | 1 Keycloak-httpd-client-install Project | 1 Keycloak-httpd-client-install | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.
|
|||||
| CVE-2016-9595 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2024-11-21 | 3.6 LOW | 7.3 HIGH |
|
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
|
|||||
| CVE-2013-4561 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.
|
|||||
| CVE-2012-2666 | 1 Golang | 1 Go | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
|
|||||
| CVE-2011-4119 | 1 Inria | 1 Caml-light | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.
|
|||||
| CVE-2024-10372 | 1 Chidiwilliams | 1 Buzz | 2024-11-06 | 3.5 LOW | 3.6 LOW |
|
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in ...
Show More |
|||||