Total
21 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7549 | 2 Openstack, Redhat | 2 Instack-undercloud, Openstack | 2024-11-21 | 3.3 LOW | 6.4 MEDIUM |
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | |||||
CVE-2024-49506 | 2024-11-13 | N/A | N/A | ||
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem | |||||
CVE-2024-10372 | 1 Chidiwilliams | 1 Buzz | 2024-11-06 | 3.5 LOW | 3.6 LOW |
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-6654 | 2024-10-09 | N/A | N/A | ||
Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. | |||||
CVE-2023-43498 | 1 Jenkins | 1 Jenkins | 2024-09-25 | N/A | 8.1 HIGH |
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | |||||
CVE-2024-34490 | 2024-07-03 | N/A | 5.1 MEDIUM | ||
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. | |||||
CVE-2023-2800 | 1 Huggingface | 1 Transformers | 2024-02-28 | N/A | 4.7 MEDIUM |
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. | |||||
CVE-2022-41954 | 1 Mpxj | 1 Mpxj | 2024-02-28 | N/A | 3.3 LOW |
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files. | |||||
CVE-2022-4641 | 1 Pig-vector Project | 1 Pig-vector | 2024-02-28 | N/A | 5.5 MEDIUM |
A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500. | |||||
CVE-2022-3969 | 1 Openkm | 1 Openkm | 2024-02-28 | N/A | 5.5 MEDIUM |
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548. | |||||
CVE-2022-21945 | 1 Opensuse | 2 Cscreen, Factory | 2024-02-28 | 3.6 LOW | 6.1 MEDIUM |
A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. | |||||
CVE-2021-46705 | 3 Gnu, Opensuse, Suse | 3 Grub2, Factory, Linux Enterprise Server | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. | |||||
CVE-2011-4119 | 1 Inria | 1 Caml-light | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. | |||||
CVE-2021-29429 | 2 Gradle, Quarkus | 2 Gradle, Quarkus | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. | |||||
CVE-2021-25316 | 1 Suse | 2 Linux Enterprise Server, S390-tools | 2024-02-28 | 2.1 LOW | 3.3 LOW |
A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1. | |||||
CVE-2012-2666 | 1 Golang | 1 Go | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. | |||||
CVE-2021-20202 | 1 Redhat | 1 Keycloak | 2024-02-28 | 4.6 MEDIUM | 7.3 HIGH |
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
CVE-2020-8032 | 1 Opensuse | 1 Cyrus-sasl | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. | |||||
CVE-2020-8027 | 2 Opensuse, Suse | 3 Leap, Openldap2, Linux Enterprise Server | 2024-02-28 | 4.6 MEDIUM | 6.6 MEDIUM |
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1. | |||||
CVE-2020-8030 | 1 Suse | 1 Caas Platform | 2024-02-28 | 3.6 LOW | 4.4 MEDIUM |
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster. |