452 matches found
netty: Information disclosure via the local system temporary directory
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When Netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporarily storing uploads on disk is enabled. On Unix-like systems, the...
Advisory ROSA-SA-2021-1820
Software: cyrus-sasl 2.1.26 OS: Cobalt 7.9 CVE-ID: CVE-2020-8032 CVE-Crit: HIGH CVE-DESC: An insecure temporary file vulnerability in the cyrus-sasl openSUSE Factory package allows local attackers to escalate to the root level. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 an...
CVE-2021-28597
Adobe Photoshop Elements version 5.2 and earlier is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require...
Design/Logic Flaw
Adobe Premiere Elements version 5.2 and earlier is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require...
CVE-2021-28597
CVE-2021-28597 affects Adobe Photoshop Elements 5.2 and earlier. The issue arises from insecure temporary-file creation in a directory with incorrect permissions, enabling a local attacker to call installer functions and perform high-privilege actions without user interaction. Practical impact is...
CVE-2021-28597 Adobe Photoshop Elements Privilege Escalation Vulnerability - symbolic link
Adobe Photoshop Elements version 5.2 and earlier is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require...
Insecure temporary file used in com.squareup:connect
This affects all versions of package com.squareup:connect. The method prepareDownloadFile creates a temporary file with the permission bits of -rw-r--r-- on Unix-like systems. On Unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
CVE-2021-33669
Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation, user interaction from another user is required and could lead to complete impact of confidentiality, integrity and...
SUSE: Security Advisory (SUSE-SU-2014:0705-1)
The remote host is missing an update for the...
FreeBSD : Ansible -- Insecure Temporary File (50ec3a01-ad77-11eb-8528-8c164582fbac)
NVD reports: An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems.
Insecure Temporary File
org.openapitools, openapi-generator-maven-plugin uses an insecure temporary file. The vulnerability exists due to the usage of the function File.createTempFile, which allows an attacker to predict the name of the temporary file and potentially gain access to confidential information...
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...
CVE-2021-25316
An Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations. This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux...
CVE-2021-25316
An Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations. This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux...
Design/Logic Flaw
An Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations. This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux...
CVE-2021-25316 Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools
An Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations. This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux...
CVE-2021-25316
CVE-2021-25316 is a vulnerability in the s390-tools package used by SUSE Linux Enterprise Server (SLES) 12-SP5 and 15-SP2. The root cause is insecure/predictable temporary file handling in detach_disks.sh, enabling local attackers to disrupt VM live migrations. Affected versions: SLES 12-SP5 with...
GHSA-VCG8-98Q8-G7MJ Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
netty: Information disclosure via the local system temporary directory
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When Netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporarily storing uploads on disk is enabled. On Unix-like systems, the...
Insecure temporary file in Netflix OSS Hollow
ID: NFLX-2021-001. Title: Local information disclosure in Hollow. Release Date: 2021-03-23. Credit: Security Researcher @JLLeitschuh. Overview: Security researcher @JLLeitschuh reported that Netflix Hollow, a Netflix OSS project available here: https://github.com/Netflix/hollow, writes to a local...