Total: 213 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34387 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2025-03-26 | 6.4 Medium |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. | ||||
| CVE-2024-2313 | 1 Redhat | 1 Enterprise Linux | 2025-03-13 | 2.8 Low |
| If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default. | ||||
| CVE-2023-38037 | 1 Redhat | 3 Logging, Satellite, Satellite Capsule | 2025-02-15 | 3.3 Low |
| ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||
| CVE-2020-35451 | 1 Apache | 1 Oozie | 2025-02-13 | 4.7 Medium |
| There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during its creation. | ||||
| CVE-2023-2800 | 1 Huggingface | 1 Transformers | 2025-01-21 | 4.7 Medium |
| Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. | ||||
| CVE-2023-34204 | 1 Imapsync Project | 1 Imapsync | 2025-01-10 | 6.5 Medium |
| imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it. | ||||
| CVE-2024-54661 | 2 Dest-unreach, Redhat | 4 Socat, Enterprise Linux, Rhel E4s and 1 more | 2025-01-09 | 9.8 Critical |
| readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file. | ||||
| CVE-2024-49506 | | | 2024-11-21 | N/A |
| Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem. | ||||
| CVE-2024-34490 | | | 2024-11-21 | 5.1 Medium |
| In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. | ||||
| CVE-2023-49347 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-11-21 | 6 Medium |
| Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. | ||||
| CVE-2023-49346 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-11-21 | 6 Medium |
| Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | ||||
| CVE-2023-49344 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-11-21 | 6 Medium |
| Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | ||||
| CVE-2023-49342 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-11-21 | 6 Medium |
| Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | ||||
| CVE-2023-43498 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 8.1 High |
| In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | ||||
| CVE-2022-35631 | 3 Apple, Linux, Rapid7 | 3 Macos, Linux Kernel, Velociraptor | 2024-11-21 | 5.5 Medium |
| On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. | ||||
| CVE-2022-21945 | 1 Opensuse | 2 Cscreen, Factory | 2024-11-21 | 5.1 Medium |
| An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. | ||||
| CVE-2022-0736 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 7.5 High |
| Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | ||||
| CVE-2022-0315 | 1 Horovod | 1 Horovod | 2024-11-21 | 7.5 High |
| Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. | ||||
| CVE-2021-46705 | 3 Gnu, Opensuse, Suse | 3 Grub2, Factory, Linux Enterprise Server | 2024-11-21 | 5.1 Medium |
| An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. | ||||
| CVE-2021-29429 | 3 Gradle, Quarkus, Redhat | 4 Gradle, Quarkus, Camel Quarkus and 1 more | 2024-11-21 | 4 Medium |
| In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. | ||||