8 matches found

vulnersOsv
added 2025/08/06 5:6 p.m., 3 views

org.webjars.npm:bazel__karma (=1.7.0), org.webjars.npm:broccoli-merge-trees (=2.0.0) +15 more potentially affected by CVE-2025-54798 via org.webjars.npm:tmp (>=0.0.24 <=0.2.3)

org.webjars.npm:tmp MAVEN version =0.0.24, =2.1.0, =0.19.11, =0.2.11, =3.2.3, =6.5.0, =2.52.0, =4.10.0 - org.webjars.npm:snyk-go-plugin =1.5.2 - org.webjars.npm:snyk-python-plugin =1.8.1 and more Source cves: CVE-2025-54798 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-11501555...

CVSS 5.3, AI score 5.8, EPSS 0.00469
Exploits: 1

CNVD
added 2020/03/08 12:0 a.m., 1 view

Timeshift Code Execution Vulnerability

Timeshift is a Linux system restore tool. The product supports the creation of file system snapshots and provides features such as snapshot recovery. A security vulnerability exists in Timeshift versions prior to 20.03, which stems from the 'inittmp' function of the TeeJee.FileSystem.vala file...

CVSS 7, AI score 7.1, EPSS 0.00124
Exploits: 0, References: 1

CVE
added 2018/10/26 12:0 a.m., 47 views

CVE-2018-18654

Crossroads 2.81 is affected by a local-attack vulnerability during build of xr: a world-writable subdirectory under /tmp can be exploited when xr is copied there, allowing an attacker to replace the directory contents with a Trojan horse xr. This is described across multiple sources (NVD/Red Hat/...

CVSS 7.8, AI score 7.3, EPSS 0.00028
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/02/23 12:0 a.m., 12 views

CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...

AI score 7.8, EPSS 0.00046
Exploits: 0, References: 2

RubySec
added 2017/05/01 12:0 a.m., 13 views

RuboCop gem Insecure use of /tmp

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users...

CVSS 3.3, AI score 2.6, EPSS 0.00063
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2014/10/25 10:0 p.m., 20 views

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

AI score 6.8, EPSS 0.11441
Exploits: 6, References: 8

Packet Storm
added 2012/04/16 12:0 a.m., 36 views

Mathematica On Linux /tmp Vulnerability

"If you're doing anything technical, think Mathematica --..." http://www.wolfram.com/products/mathematica/index.html Mathematica7 on Linux uses the /tmp/MathLink directory in insecure ways. Mathematica creates or re-uses an existing /tmp/MathLink directory, and overwrites files within and follows...

AI score 7.4
Exploits: 0

Exploit DB
added 2000/11/17 12:0 a.m., 57 views

Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call

!/bin/sh In SlackWare Linux the script /usr/bin/ppp-off writes the output of 'ps x' to /tmp/grep.tmp. Since root is the user that runs ppp-off, a non-privileged user could create a link from /tmp/grep.tmp to any file, ie: /etc/issue, thus when root runs the ppp-off script, the output of 'ps x' woul...

AI score 7.4
Exploits: 0