Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49344 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49342 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49345 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49346 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49347 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. | |||||
| CVE-2023-2800 | 1 Huggingface | 1 Transformers | 2023-12-10 | N/A | 4.7 MEDIUM |
| Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. | |||||
| CVE-2022-41954 | 1 Mpxj | 1 Mpxj | 2023-12-10 | N/A | 3.3 LOW |
| MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files. | |||||
| CVE-2022-4641 | 1 Pig-vector Project | 1 Pig-vector | 2023-12-10 | N/A | 5.5 MEDIUM |
| A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500. | |||||
| CVE-2022-3969 | 1 Openkm | 1 Openkm | 2023-12-10 | N/A | 5.5 MEDIUM |
| A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548. | |||||
| CVE-2021-46705 | 3 Gnu, Opensuse, Suse | 3 Grub2, Factory, Linux Enterprise Server | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
| A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. | |||||
| CVE-2022-21945 | 1 Opensuse | 2 Cscreen, Factory | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM |
| A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. | |||||
| CVE-2011-4119 | 1 Inria | 1 Caml-light | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. | |||||
| CVE-2021-25316 | 1 Suse | 2 Linux Enterprise Server, S390-tools | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1. | |||||
| CVE-2012-2666 | 1 Golang | 1 Go | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. | |||||
| CVE-2021-20202 | 1 Redhat | 1 Keycloak | 2023-12-10 | 4.6 MEDIUM | 7.3 HIGH |
| A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-29429 | 2 Gradle, Quarkus | 2 Gradle, Quarkus | 2023-12-10 | 1.9 LOW | 5.5 MEDIUM |
| In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. | |||||
| CVE-2020-8030 | 1 Suse | 1 Caas Platform | 2023-12-10 | 3.6 LOW | 4.4 MEDIUM |
| A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster. | |||||
| CVE-2020-8027 | 2 Opensuse, Suse | 3 Leap, Openldap2, Linux Enterprise Server | 2023-12-10 | 4.6 MEDIUM | 6.6 MEDIUM |
| A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1. | |||||
| CVE-2020-8032 | 1 Opensuse | 1 Cyrus-sasl | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
| A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. | |||||
| CVE-2020-1740 | 3 Debian, Fedoraproject, Redhat | 6 Debian Linux, Fedora, Ansible and 3 more | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
| A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | |||||