455 matches found
PT-2023-12769 · Com.Fasterxml · Java-Merge-Sort
Name of the Vulnerable Software and Affected Versions: com.fasterxml.util:java-merge-sort versions prior to 1.1.0 Description: The issue is related to an Insecure Temporary File in the StdTempFileProvider function, located in StdTempFileProvider.java. This function utilizes the permissive...
Insecure Temporary File
Overview com.fasterxml.util:java-merge-sort is a package for basic configurable disk-backed N-way merge sort Affected versions of this package are vulnerable to Insecure Temporary File. in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile...
GHSA-JJVP-WFP8-RV69 globalpom-utils has Insecure Temporary File
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The...
globalpom-utils has Insecure Temporary File
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The...
CVE-2018-25068
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The...
CVE-2018-25068 devent globalpom-utils FileResourceManagerProvider.java createTmpDir temp file
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The...
CVE-2018-25068 devent globalpom-utils FileResourceManagerProvider.java createTmpDir temp file
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The...
CVE-2022-4817
A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is...
Design/Logic Flaw
A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is...
CVE-2022-4817 centic9 jgit-cookbook temp file
A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is...
Design/Logic Flaw
A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. T...
CVE-2022-4641 pig-vector LogisticRegression.java LogisticRegression temp file
A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. T...
SUSE: Security Advisory (SUSE-SU-2022:4022-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
PT-2022-24987 · Openkm · Openkm
Name of the Vulnerable Software and Affected Versions: OpenKM versions up to 6.3.11 Description: A vulnerability was found in the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to an insecure temporary file. Recommendations: For OpenKM...
GHSA-RVP4-R3G6-8HXQ Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
Impact org.apache.nifi.authentication.single.user.writer.StandardLoginCredentialsWriter contains a local information disclosure vulnerability due to writing credentials username and password to a file that is readable by all other users on unix-like systems. On unix-like systems, the system's...
Adobe Creative Cloud < 2.5 Multiple Vulnerabilities (APSB21-41) (macOS)
The version of Adobe Creative Cloud installed on the remote macOS host is prior to 2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-41 advisory. - Adobe Creative Cloud Desktop Application installer version 2.4 and earlier is affected by an Uncontrolled Searc...
InHand Networks InRouter302 httpd upload.cgi file write vulnerability
Summary A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. Tested Versions InHand Networks...
Insecure Temporary File in SWHKD
SWHKD is a display protocol-independent hotkey daemon made in Rust. In SWHKD versions 1.1.5 and prior, SWHKD uses the /tmp/swhkd.pid pathname. As /tmp is accessible to all users, there can be an information leak or denial of service. No known workarounds exist. A patch is available on the 1.1.0...
GHSA-47WV-VHJ2-G66M Use of insecure temporary file in Horovod
Impact The insecure tempfile.mktemp is used when Horovod is run in an LSF job with jsrun. In that situation, a jsrun rank file is created with mktemp, which could be hijacked by another process to read or manipulate the content. This issue does not impact the use of MPI, Gloo, Spark or Ray. Patch...