118 matches found
CVE-2014-1938
python-rply before 0.7.4 insecurely creates temporary files...
CVE-2014-1935
9base 1:6-6 and 1:6-7 insecurely create temporary files, which results in predictable filenames...
libqb: Insecure treatment of IPC (temporary) files
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without O_EXCL...
CVE-2013-0165
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp...
Security Bulletin: A security vulnerability has been identified in the WebSphere Application Server, where files with insecure permissions are created on executing the custom startup scripts. (CVE-2017-1382)
Summary: WebSphere Application Server (WAS) is shipped as a component of Rational Asset Manager. When custom startup scripts are run, insecure files are created with default permission instead of customized permission. Such files are vulnerable to be accessed and exploited by a local attacker...
Security Bulletin: IBM WebSphere MQ and IBM MQ Managed File Transfer is affected by an undefined behavior because of insecure file permission vulnerability (CVE-2017-1699)
Summary: IBM WebSphere MQ and IBM MQ Managed File Transfer create certain files during startup. The file permissions set on those files are not secure, allowing local attacks. This could lead to undefined behavior or remove any pending managed file transfers from an agent. Vulnerability Details...
EulerOS 2.0 SP1 : libnl3 (EulerOS-SA-2016-1067)
According to the version of the libnl3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings...
CVE-2016-7489
Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution...
NetworkManager: Race condition allowing info leak
A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys...
lives -- insecure files permissions
Debian reports: smogrify script creates insecure temporary files. lives creates and uses world-writable directory...
[SECURITY] [DSA 3048-1] apt security update
Debian Security Advisory DSA-3048-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 08, 2014 http://www.debian.org/security/faq ...
APC PowerChute Plus 4.2.2 - Denial of Service Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/83/info APC PowerChute PLUS is a software package that will safely shut down computer systems locally or across a network when UPS power starts to fail. When operating, PowerChute PLUS normally listens to TCP ports 6547 an...
IBM AIX privilege escalation
libodm insecure files creation...
Oracle Linux 4 : bash (ELSA-2011-0261)
From Red Hat Security Advisory 2011:0261: Updated bash packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base...
Design/Logic Flaw
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."...
CVE-2013-1902
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."...
OpenFabrics ibutils 1.5.7 /tmp File Clobber
OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability 3/6/2013 Larry W. Cashdollar @larry0 The infiniband diagnostic utility handles files in /tmp insecurely. A malicious user can clobber root owned files with common symlink attacks. http://www.openfabrics.org/downloads/ibutils/ nobody@exdb01...
Oracle Auto Service Request File Clobber
Oracle Auto Service Request software package creates files insecurely in /tmp using time stamps instead of mkstemp. You can clobber root owned files if you know when around the time the root administrator will be using this utility. larry@oracle-os-lab01 tmp$ for x in seq 500 999; do ln -s...
Oracle Sun Solaris Update Manager symbolic links vulnerability
Insecure temporary files creation...
Scientific Linux Security Update : openswan on SL5.x i386/x86_64
Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD packet to crash the pluto daemon. (CVE-2009-0790) It was discovered that Openswan's livetest script created temporary files in an insecure manner. A local...