CVE-2022-0315 Insecure Temporary File in horovod/horovod
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0...
CVE-2022-0315
The CVE-2022-0315 issue affects horovod/horovod prior to 0.24.0, where insecure use of tempfile.mktemp() can occur when Horovod runs in an LSF job with jsrun. This could allow a separate process to read or modify the created rank file. The advisory notes that the problem is fixed in commit b96eca...
GitHub horovod security vulnerability
GitHub horovod is a distributed training framework for TensorFlow, Keras, PyTorch, and Apache MXNet. A security vulnerability exists in GitHub horovod 0.24.0, which stems from a previously insecure temporary file...
GitHub Security Lab: CPP: Add query for CWE-377 Insecure Temporary File
This bug was reported directly to GitHub Security Lab...
Design/Logic Flaw
An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2...
Design/Logic Flaw
An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions...
CVE-2022-21945
CVE-2022-21945 affects openSUSE Factory cscreen (versions 1.2–1.3 and earlier). The root cause is insecure temporary file handling that uses a fixed path (/tmp/cscreen.debug), enabling local attackers to cause DoS to cscreen and DoS to non-default systems. Practical impact is local, with avail...
CVE-2022-21945 cscreen: usage of fixed path /tmp/cscreen.debug
An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions...
CVE-2021-46705 grub2-once uses fixed file name in /var/tmp
An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2...
CVE-2021-46705
CVE-2021-46705 affects grub2 (grub-once) in SUSE Linux Enterprise Server 15 SP4 and openSUSE Factory. The issue is an Insecure Temporary File vulnerability that lets local attackers truncate arbitrary files via grub-once/grub2. Affected versions are grub2 prior to 2.06-150400.7.1 on SLE 15 SP4, a...
CVE-2021-46705
An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2...
PT-2022-17071 · Printix · Printix Secure Cloud Print Management
Name of the Vulnerable Software and Affected Versions: Printix Secure Cloud Print Management versions 1.3.1106.0 and earlier Description: The issue is related to the creation of a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation due to a race...
GHSA-VQJ2-4V8M-8VRQ Insecure Temporary File in mlflow
mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function tempfile.mktemp is deprecated and mkstemp should be used instead...
PYSEC-2022-28
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1...
CVE-2022-0736
CVE-2022-0736 affects mlflow/mlflow prior to 1.23.1, describing an insecure temporary file issue. The root cause is use of the deprecated tempfile.mktemp() pattern in the affected code, with remediation to upgrade to mlflow 1.23.1 or later as indicated by OSV/GHSA entries. The connected sources c...
PT-2022-13398 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 1.23.1 Description: The issue is related to an insecure temporary file in the GitHub repository mlflow/mlflow. The tempfile.mktemp function is deprecated and should be replaced with mkstemp. Recommendations: For...
GHSA-VP9J-RGHQ-8JHH Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9...
GLSA-202107-03 : libqb: Insecure temporary file
The remote host is affected by the vulnerability described in GLSA-202107-03 (libqb: Insecure temporary file). It was discovered that libqb used predictable filenames under /dev/shm and /tmp without O_EXCL. Impact: A local attacker could perform symlink attacks to overwrite arbitrary files with the...
Insecure Temporary File in mlflow/mlflow
Description: The mlflow package uses the deprecated function tempfile.mktemp, which is not secure because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact: Availability will get...