Search Results (369 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3106 1 Pulpproject 1 Pulp 2025-04-20 N/A
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
CVE-2015-0233 1 Fedoraproject 1 389 Administration Server 2025-04-20 N/A
Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38.
CVE-2015-1795 1 Redhat 3 Enterprise Linux, Gluster Storage, Storage 2025-04-20 N/A
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
CVE-2015-5232 1 Cornelisnetworks 2 Opa-ff, Opa-fm 2025-04-20 8.1 High
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
CVE-2015-1839 2 Fedoraproject, Saltstack 2 Fedora, Salt 2025-04-20 N/A
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2015-1838 2 Fedoraproject, Saltstack 2 Fedora, Salt 2025-04-20 N/A
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2015-0234 1 Pki-core Project 1 Pki-core 2025-04-20 N/A
Multiple temporary file creation vulnerabilities in pki-core 10.2.0.
CVE-2016-3108 2 Pulpproject, Redhat 3 Pulp, Satellite, Satellite Capsule 2025-04-20 N/A
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.
CVE-2022-25347 1 Deltaww 1 Diaenergie 2025-04-16 9.8 Critical
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.
CVE-2022-26386 4 Apple, Linux, Mozilla and 1 more 7 Macos, Linux Kernel, Firefox Esr and 4 more 2025-04-15 6.5 Medium
Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7.
CVE-2022-21809 1 Inhandnetworks 2 Inrouter302, Inrouter302 Firmware 2025-04-15 8.1 High
A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.
CVE-2022-3952 1 Manydesigns 1 Portofino 2025-04-15 2.6 Low
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability.
CVE-2022-3969 1 Openkm 1 Openkm 2025-04-15 2.6 Low
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548.
CVE-2015-5273 1 Redhat 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-12 N/A
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
CVE-2001-1593 1 Gnu 1 A2ps 2025-04-12 N/A
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2014-0135 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Kafo 2025-04-12 N/A
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
CVE-2014-2524 4 Fedoraproject, Gnu, Mageia and 1 more 4 Fedora, Readline, Mageia and 1 more 2025-04-12 N/A
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
CVE-2014-4038 3 Ppc64-diag Project, Redhat, Suse 4 Ppc64-diag, Enterprise Linux, Enterprise Linux Server and 1 more 2025-04-12 N/A
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.
CVE-2014-4039 3 Ppc64-diag Project, Redhat, Suse 4 Ppc64-diag, Enterprise Linux, Enterprise Linux Server and 1 more 2025-04-12 N/A
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.
CVE-2015-0383 7 Canonical, Debian, Fedoraproject and 4 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.